Database Penetration Test Process/Checklist
Dec 7, 2020
- [ ] Scan for default ports used by the database
- [ ] Scan for nondefault ports used by the database
- [ ] Identify the instance names used by the database.
- [ ] Identify the version number of the database
- [ ] Sniff database-related traffic on the local wire.
- [ ] Test Microsoft SQL Server
  * [ ] Test for direct access interrogation
  * [ ] Scan for MSSQL Server Ports (TCP/UDP 1433)
  * [ ] Scan for MSSQL Resolutions Services
  * [ ] Test for buffer overflows in extended stored procedures
  * [ ] Test for service account registry key.
  * [ ] Test for SQL injection attack vulnerability.
  * [ ] Test for blind SQL injection attack vulnerability
  * [ ] Test for vulnerability to Google hacks
  * [ ] Attempt direct-exploit attacks
  * [ ] Try to retrieve server account list
  * [ ] Use osql test for default/common passwords.
  * [ ] Try to retrieve the sysxlogins table
  * [ ] Brute-force the SA account.
- [ ] Test Oracle Server
  * [ ] Port-scan UDP/TCP ports (TCP/UDP 1433)
  * [ ] Check the status of the TNS Listener running on the Oracle Server.
  * [ ] Try to log in using default account passwords.
  * [ ] Try to enumerate SIDs
- [ ] Test MySQL Server
  * [ ] Port-scan UDP/TCP ports
  * [ ] Extract the version of the database being used.
  * [ ] Try to log in using default/common passwords
  * [ ] Use a dictionary attack to try to break into accounts
  * [ ] Extract system and user tables from the database.