An attacker’s location in the application space and/or the network will largely define how they would approach breaking into a SQL Server 2000 machine from a remote location. If their attacks go through SQL Injection via a web server then their ‘cursus incursi’ will be considerably different from those when direct access can be gained to the SQL Server. Consequently, this paper will be split into four main sections. The first section will cover attacks that do not require the attacker to have a user ID and password for the SQL Server, that is, the attacks are unauthenticated. The second section will cover those attacks that do require authentication; to succeed the user must be logged onto the SQL Server. The third section will consider those attacks that can be launched from a compromised server.
Before any job is undertaken, be it grouting the shower or paving a patio, a lot of unnecessary grief can be avoided by getting the right tools before hand and attacking a computer system is no different. As far as compromising a Microsoft SQL Server is concerned the ‘tools of the trade’ are a combination of the SQL Server client tools, such as Query Analyzer, SQLPing and a C compiler. One of the most important tools is a copy of MS SQL Server itself. It’s far better to examine vulnerability and code an exploit for it on a system in the lab, rather than experimenting on the live target system. Whilst SQL Server is generally good at handling exceptions and remains up, there are some areas where an access violation will bring the server down and this generally is not a good thing. Further, for every exception raised and caught an entry is added to the Application Event Log, again something that should be avoided where possible. If the attacker is intent upon breaking into the SQL Server, and it’s fully patched, then they may need to discover their own new vulnerability. Having access to the server software, in this scenario, is an absolute must. A good decompiler such as Datarescue’s IDA Pro will help enormously too, where stress testing turns up nothing and one must turn to reverse engineering.
source: ngssoftware.com
Download pdf Threat Profiling Microsoft SQL Server
Related Searches: sql server client, ms sql server, sql server 2000, microsoft sql server, unnecessary grief
Categories
Archives
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
Today's Search Terms:
- reparaturanleitung honda eu10i - rapidshare c# net numerical methods - canon pixma ip 1700 download - wordpress blogs - wordpress blogs - Volvo Penta (09 2009) torrent - samsung a707 manuel - samsung a707 manuel - samsung a707 manuel - HVAC rapidshare com/ - samsung a707 manuel - samsung a707 manuel - file type:pdf(steps for creating client /server programming) - file type:pdf(steps for creating client /server programming) - Autodesk Inventor pdf Ebook Cz Download - file type:pdf(steps for creating client /server programming) - c# mobile code - autocad 2007 tutorials - Concurrent Programming on Windows - dead to rights visual walkthrough - 2002 honda accord service manual rapidshare - download harry potter and chamber of secrets game free - 2002 vw jetta owners manual - voip basics ppt - 2006 mini-cooper s car engine diagram - 2006 mini-cooper s car engine diagram - honda accord 96 manual free download - how to replace 2005 prius blower motor - motorcycle repair ebooks - SPSS for Windows Step by Step 16 EMost Popular
- iPod shuffle User's Guide (Manual)
- Renault Workshop Repair Manual PDF
- VolksWagen Golf and Jetta Routine Maintenance and Servicing Manual
- VolksWagen Golf & Jetta Service and Repair Manual
- Volkswagen Beetle Manual PDF
- Hacking the XBOX 360 for Noobs Tutorial
- VW Golf and Jetta Braking System PDF Manual
- Renault Workshop Repair Manual PDF
- VolksWagen Golf III / Jetta III Wiring Diagram Manual
- Renault All Types Service Manual PDF
Random Posts
- Motorola W385 Fact Sheet
- Windows Movie Maker Tutorial
- Setting Up Microsoft Outlook 2007
- Mashups in Plone: Leveraging Web 2.0
- Programming SQL Server 2008 Datasheet
- Web 2.0 Attacks Revealed
- 3d modelling for Virtual Reality Tutorial #2 – VRML sliding door
- Digital Network Appliance Reference Design Users Guide Manual
- Converting an AutoCAD Drawing into PDF File
- Breaking into computer networks from the Internet PDF
Free Ebook Manual Download is proudly powered by WordPress - BloggingPro theme by: Design Disease
RSS feed for comments on this post · TrackBack URI
Leave a reply