 |
Hacking Databases for Owning your Data |
Description:
A short while back, I began a new series on database hacking, and now it's time to continue and extend your education in that field. As you know, the database contains all of the most valuable info for the hacker, including personally identifiable information, credit card numbers, intellectual property, etc. So, it's the ultimate goal of cybercrime and the APT hacker.
If you haven't read my guide on getting started in database hacking, this would be a good time to brush up on some basic concepts. In addition, I also did a tutorial on finding SQL Server databases, and I recommend reading both of those guides before continuing below.
In this tutorial, we'll look at how we can crack the password on the system admin (SA) account on the database, install an interpreter payload through calling the stored procedure xp_cmdshell, and wreak havoc on their system.
0 comments:
Post a Comment