Database honeypot by design

  1. Vote
  2. Vote
  3. Database honeypot by design @GiftsUngiven @cyberpunkych
  4. Pre-history
  5.
  6.
  7. bla bla bla
  8. Data analysis. Bro, don't forget to put on your glasses, hacker truth comes next
  9. Data analysis #1: client request LOAD DATA LOCAL INFILE "C:\Windows\system32\drivers\etc\hosts" INTO TABLE mysql.test
  10. Data analysis #2: server response
  11. Data analysis #3: client answer
  12. Data analysis #? What if we skip the client request and just send the server response to get a file for any request?
  13. Data analysis #?
  14. Data analysis #! 1 – client sends a ‘select’ query request 2 – server sends the response ‘I want a file’ 3 – client sends the file content
  15. Profit! - A little bit of scripting language to automate the process - A lot of fun
  16. Remember me? Now you know what to do!
  17. Honeypot? Want to hack my mysql? Okay… I will exchange your requests for your files. Please, run ‘msfconsole’ under root.
  18. Whhyyyyyy?
  19. Good guy Ares. We: MiTM? Ares: No problems! http://intercepter.nerf.ru/
  20. Good guy Ares
  21. Is it vulnerable?
  22. Thanks. Questions?
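
The three-step exchange on slide 14 is visible in a capture of the client's own traffic. The following is an added example, not taken from the slides: it walks MySQL packets and reports any server file request (first payload byte 0xFB) that answers a query other than LOAD DATA LOCAL INFILE. The function names and the sample capture are constructed for illustration.

```python
import re

COM_QUERY = 0x03         # client command byte: text query
LOCAL_INFILE_REQ = 0xFB  # first byte of the server's "send me this file" reply
LOAD_LOCAL = re.compile(
    rb"^\s*LOAD\s+DATA\s+(?:LOW_PRIORITY\s+|CONCURRENT\s+)?LOCAL\s+INFILE\b", re.I)

def pkt(seq, payload):
    """Build one MySQL packet: 3-byte little-endian length, 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def payloads(stream):
    """Split captured bytes from one direction into packet payloads."""
    pos = 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")
        yield stream[pos + 4:pos + 4 + length]
        pos += 4 + length

def unsolicited_file_requests(conversation):
    """Return (query, filename) pairs where the server asked for a local file
    in reply to a query that was not LOAD DATA LOCAL INFILE.
    conversation: list of ("C" | "S", bytes) in capture order, after the handshake."""
    alerts, query, state = [], b"", "idle"
    for direction, data in conversation:
        for p in payloads(data):
            if direction == "C" and state == "upload":
                if not p:                 # empty packet ends the file transfer
                    state = "idle"
            elif direction == "C" and p[:1] == bytes([COM_QUERY]):
                query, state = p[1:], "reply"
            elif direction == "S" and state == "reply":
                # Only the FIRST reply packet can be a file request; later row
                # packets may legitimately start with 0xFB (NULL column).
                state = "idle"
                if p[:1] == bytes([LOCAL_INFILE_REQ]):
                    state = "upload"
                    if not LOAD_LOCAL.match(query):
                        alerts.append((query.decode(errors="replace"),
                                       p[1:].decode(errors="replace")))
    return alerts

# Constructed capture: a plain SELECT answered with a file request (slide 14).
SAMPLE = [
    ("C", pkt(0, b"\x03select @@version_comment limit 1")),
    ("S", pkt(1, b"\xfb/constructed/example.txt")),
    ("C", pkt(2, b"constructed file bytes") + pkt(3, b"")),
    ("S", pkt(4, b"\x00\x00\x00\x02\x00\x00\x00")),
]
print(unsolicited_file_requests(SAMPLE))
```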