Welcome to the course of “database hacking”. In this workshop, we will be extremely focused on talking about tricks and techniques used for hacking into databases and underlying operating system. We will also lay down the general and core concepts for understanding the databases, like how they work, why they are used and what are the known vulnerabilities or weaknesses to exploit and gain illegitimate access. Microsoft SQL Server and MYSQL server are the two main database servers we will be discussing.
However, we will also cover general hacking tricks that can be used in order to hack into any backend database servers. We will consider if live hacking sessions are possible in a live environment which can be shown so that PoC is presented. However, we will cover home lab setup so students can build at home to practice the hacking skills taught in this course. We will also cover Structured Query Language (SQL) which plays a key role for security researchers and in our experiences a security professional or researchers is not considered expert if he or she doesn’t have any solid experience with databases and SQL.
This e-book contains text materials from the course.
>>CHECK THE COURSE<<
Module 1 Understanding Database Core Concepts
Tutorial 1: Hello World! Let’s UDCC
Module 2 SQL Statements with Injection Techniques
Tutorial 1 Introduction to SQL Statements
Example 1 -4: SQLi
Exercise 1 Executing SQL Statements
Tutorial 2 SQL Injections
Exercise 2 Authentication Bypass Attack
Module 3 Walkthrough on Hacking Databases
Tutorial 1 Case Study on Manually Hacking Web Applications
Tutorial 2 Quick Walkthrough on Blind SQL Injection Attack Walkthrough on Compromising Backend Database with SQLi Attack Advanced SQLi Attack
Module 4 What you should know to Advance your Database Hacking Skills
Tutorial 1 Knowledge Base Home Lab – Windows Server 2008 Home Lab – MS SQL Server 2008
Tutorial 2 Vulnerable Web Application Setup Home Lab – IIS Server Home Lab – Database Creation Home Lab – Run The Web Tool: Hacking MYSQL & MS SQL Server with SQLMAP