Database Penetration Test Process/Checklist

  • [ ] Scan for default ports used by the database
  • [ ] Scan for non-default ports used by the database
  • [ ] Identify the instance names used by the database
  • [ ] Identify the version number of the database
  • [ ] Sniff database-related traffic on the local wire
  • [ ] Test Microsoft SQL Server
      * [ ] Test for direct access interrogation
      * [ ] Scan for MSSQL Server ports (TCP/UDP 1433)
      * [ ] Scan for the MSSQL Server Resolution Service
      * [ ] Test for buffer overflows in extended stored procedures
      * [ ] Test for the service account registry key
      * [ ] Test for SQL injection attack vulnerability
      * [ ] Test for blind SQL injection attack vulnerability
      * [ ] Test for vulnerability to Google hacks
      * [ ] Attempt direct-exploit attacks
      * [ ] Try to retrieve the server account list
      * [ ] Use osql to test for default/common passwords
      * [ ] Try to retrieve the sysxlogins table
      * [ ] Brute-force the SA account
  • [ ] Test Oracle Server
      * [ ] Port-scan UDP/TCP ports (TCP/UDP 1433)
      * [ ] Check the status of the TNS Listener running on the Oracle server
      * [ ] Try to log in using default account passwords
      * [ ] Try to enumerate SIDs
  • [ ] Test MySQL Server
      * [ ] Port-scan UDP/TCP ports
      * [ ] Extract the version of the database being used
      * [ ] Try to log in using default/common passwords
      * [ ] Use a dictionary attack to try to break into accounts
      * [ ] Extract system and user tables from the database
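The "extract the version" step for MySQL needs no login: the server announces its version, capabilities and authentication plugin in the first packet it sends. The parser below is an added example, not part of the original checklist; the handshake packet it reads is constructed inline (no live server), and the field layout and capability bits follow the MySQL protocol-10 initial handshake. The same parse also tells a defender whether a listener advertises TLS, which is worth recording during an inventory of exposed database ports.

```python
import struct

# Capability flags from the MySQL client/server protocol.
CLIENT_SSL = 0x0800                # server accepts TLS on this listener
CLIENT_SECURE_CONNECTION = 0x8000
CLIENT_PLUGIN_AUTH = 0x00080000


def parse_mysql_greeting(pkt: bytes) -> dict:
    """Parse a MySQL protocol-10 initial handshake (server greeting) packet."""
    length = int.from_bytes(pkt[0:3], "little")   # 3-byte payload length, 1-byte sequence id
    payload = pkt[4:4 + length]
    if len(payload) != length or payload[0] != 0x0A:
        raise ValueError("not a protocol-10 MySQL greeting")
    end = payload.index(b"\x00", 1)                # server version is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1
    connection_id = struct.unpack_from("<I", payload, pos)[0]
    pos += 4 + 8 + 1                               # connection id, salt part 1, filler byte
    cap_low, charset, status, cap_high, plugin_len = struct.unpack_from("<HBHHB", payload, pos)
    capabilities = cap_low | (cap_high << 16)
    pos += 8 + 10                                  # those five fields plus 10 reserved bytes
    pos += max(13, plugin_len - 8)                 # salt part 2
    auth_plugin = ""
    if capabilities & CLIENT_PLUGIN_AUTH:
        name_end = payload.find(b"\x00", pos)
        auth_plugin = payload[pos:name_end if name_end >= 0 else len(payload)].decode("ascii", "replace")
    return {
        "version": version,
        "connection_id": connection_id,
        "capabilities": capabilities,
        "tls_offered": bool(capabilities & CLIENT_SSL),
        "auth_plugin": auth_plugin,
    }


def build_greeting(version: str, capabilities: int, plugin: str = "caching_sha2_password") -> bytes:
    """Construct a greeting packet for offline testing (constructed sample, not a capture)."""
    salt = b"A" * 20                               # real servers send random bytes here
    payload = bytes([0x0A]) + version.encode() + b"\x00"
    payload += struct.pack("<I", 42) + salt[:8] + b"\x00"
    payload += struct.pack("<HBHHB", capabilities & 0xFFFF, 0xFF, 0x0002,
                           capabilities >> 16, len(salt) + 1)
    payload += b"\x00" * 10 + salt[8:] + b"\x00" + plugin.encode() + b"\x00"
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


if __name__ == "__main__":
    sample = build_greeting("8.0.36", CLIENT_PLUGIN_AUTH | CLIENT_SECURE_CONNECTION | CLIENT_SSL)
    print(parse_mysql_greeting(sample))
```

Against a live listener the same parser is fed the first packet read from a TCP socket to the MySQL port; a greeting without CLIENT_SSL set means credentials would cross the wire unprotected.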

Austin Songer