Tip

SQL Server Security: Chapter 2, Under Siege: How SQL Server is Hacked

Written by David Litchfield; Published by McGraw-Hill/Osborne Media

This excerpt is from Chapter 2, Under Siege: How SQL Server is Hacked of SQL Server Security written by David Litchfield and published by McGraw-Hill/Osborne Media. Read the entire chapter here

    Requires Free Membership to View

.

Picking the right tools for the job

Before any job is undertaken, be it grouting the shower or paving a patio, a lot of unnecessary grief can be avoided by getting the right tools beforehand. Attacking a computer system is no different. As far as compromising Microsoft SQL Server is concerned, the tools of the trade are a combination of the SQL Server client tools, such as Query Analyzer, SQLPing and a C compiler. One of the most important tools is a copy of SQL Server itself. It's far better to examine vulnerability and then code an exploit for it on a system in the lab than to experiment on the live target system.

Although SQL Server is generally good at handling exceptions and remaining up, there are some areas where an access violation will bring the server down, which generally is not a good thing. Further, for every exception raised and caught, an entry is added to the Application Event Log, again something that should be avoided where possible if the attacker wants to avoid raising alarms. If the attacker is intent upon breaking into the SQL server, and it's fully patched, then they may need to discover their own new vulnerability. Having access to the server software, in this scenario, is an absolute must. A good decompiler, such as Datarescue's IDA Pro, helps enormously too, where stress testing turns up nothing and one must turn to reverse engineering. Finally, a network capture tool (sniffer), such as NGSSniff or Ethereal, is enormously handy on occasion, too.

The author's SQL Server toolkit consists of the following:

  • MS SQL Server 2000, Developer Edition
  • MS SQL Client tools such as Query Analyzer and odbcping
  • NGSSniff
  • NGSSQLCrack
  • NGSSQuirreL
  • Microsoft Visual C++

In addition to these, there are the author's own tools created using the compiler. You never know what you're going to need in any attempted penetration, so the compiler provides a method to create new tools on the fly. Some of the tools listed above will be discussed throughout various sections of this chapter.


For more information on this topic, visit these resources:

This was first published in September 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.