Successfully reported this slideshow.
Your SlideShare is downloading. ×

Database honeypot by design

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
3.3. Database honeypot
3.3. Database honeypot
Loading in …3
×

Check these out next

1 of 23 Ad

More Related Content

Viewers also liked (20)

Similar to Database honeypot by design (20)

Advertisement

More from qqlan (20)

Recently uploaded (20)

Advertisement

Database honeypot by design

  1. 1. Vote
  2. 2. Vote
  3. 3. Database honeypot by design @GiftsUngiven @cyberpunkych
  4. 4. Pre-history
  5. 5.
  6. 6.
  7. 7. bla bla bla
  8. 8. Data analysis Бро, не забудь надеть очки, дальше хэкерская правда
  9. 9. Data analysis #1 client request LOAD DATA LOCAL INFILE "C:Windowssystem32driversetchosts" INTO TABLE mysql.test
  10. 10. Data analysis #2 server response
  11. 11. Data analysis #3 client answer
  12. 12. Data analysis #? What if we skip client request and just send server response to get a file for any request?
  13. 13. Data analysis #?
  14. 14. Data analysis #! 1 – client send ‘select’ query request 2 – server send response ‘I want a file’ 3 – client send file content
  15. 15. Profit! - a little bit of script language to automate process - A lot of fun
  16. 16. Remember me? Now you know what to do!
  17. 17. Honeypot? Want to hack my mysql? Okay… I will exchange your requests for your files. Please, run ‘msfconsole’ under root.
  18. 18. Whhyyyyyy?
  19. 19. Good guy Ares We: MiTM? Ares: No problems! http://intercepter.nerf.ru/
  20. 20. Good guy Ares
  21. 21. Is it vulnerable?
  22. 22. Tnhx. questions?

×