
SQL Injection Enumeration Basics

TheGetch edited this page May 14, 2021 · 1 revision


First, before you forget: GET SCREENSHOTS! Then follow the same standard methodology we always use when attacking a new system.

  • Gather Information
  • Enumerate
  • Research
  • Exploit
  • Pivot
  • Repeat

The big questions we need to answer to determine the true impact are:

  • What is the data exposure?
    • User accounts?
    • Passwords?
    • PII?
    • HPII?
    • Classified data?
    • Configurations?
  • What is our access level?
    • Are we a database administrator?
    • Are we unprivileged?
    • Can we modify data through the query?
      • Sometimes nested queries are not possible, which leaves us effectively read-only

Some of the information you should obtain first is:

  • Database type (Oracle/SQL Server/MySQL/DB2/etc)
  • Database version (full banner)
  • Current database user and groups
  • Host operating system

Then enumerate the database and pull down a list of:

  • Databases
  • Tables
  • Table Schemas
  • Stored procedures
  • Database Users
  • Database User Permissions
  • Active connections
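The same checklist is useful from the other side of the table: a DBA or SOC analyst who sees an application account suddenly walk through version, current-user, catalog, table and user-account lookups in sequence is looking at an injection point being enumerated. The script below is an added example, not part of this wiki, that maps statements in a database query audit log onto the enumeration stages listed above and flags sessions that touch several of them. The log format, the account names and IPs, and the `min_stages` threshold are all constructed for the example; the catalog object names are the standard MySQL, PostgreSQL, SQL Server and Oracle system views.

```python
import re
from collections import defaultdict

# Constructed sample of a database query audit log (not real data). Each line:
# "<timestamp> user=<db account> src=<client ip> stmt=<SQL statement>".
SAMPLE_AUDIT_LOG = """\
2021-05-14T10:01:02Z user=webapp src=10.0.0.5 stmt=SELECT id,title FROM posts WHERE id=42
2021-05-14T10:01:09Z user=webapp src=10.0.0.5 stmt=SELECT @@version
2021-05-14T10:01:11Z user=webapp src=10.0.0.5 stmt=SELECT current_user(), user()
2021-05-14T10:01:15Z user=webapp src=10.0.0.5 stmt=SELECT schema_name FROM information_schema.schemata
2021-05-14T10:01:20Z user=webapp src=10.0.0.5 stmt=SELECT table_name FROM information_schema.tables WHERE table_schema='app'
2021-05-14T10:01:24Z user=webapp src=10.0.0.5 stmt=SELECT column_name,data_type FROM information_schema.columns WHERE table_name='users'
2021-05-14T10:01:30Z user=webapp src=10.0.0.5 stmt=SELECT user,host FROM mysql.user
2021-05-14T10:02:00Z user=reporting src=10.0.0.9 stmt=SELECT count(*) FROM orders
"""

# Each checklist item from the page, mapped to the catalog views/functions whose
# appearance in SQL issued by an application account is a strong hint that the
# statement was injected rather than written by the application.
STAGE_PATTERNS = [
    ("database version",          r"@@version\b|\bversion\(\)"),
    ("current database user",     r"\bcurrent_user\b|\buser\(\)|\bsession_user\b|\bsystem_user\b"),
    ("host operating system",     r"@@version_compile_os\b|sys\.dm_os_host_info\b"),
    ("databases",                 r"information_schema\.schemata\b|\bshow\s+databases\b|\bpg_database\b|sys\.databases\b"),
    ("tables",                    r"information_schema\.tables\b|\bpg_tables\b|sys\.tables\b|\ball_tables\b"),
    ("table schemas",             r"information_schema\.columns\b|sys\.columns\b|\ball_tab_columns\b"),
    ("stored procedures",         r"information_schema\.routines\b|sys\.procedures\b|\bmysql\.proc\b"),
    ("database users",            r"\bmysql\.user\b|\bpg_user\b|\bpg_shadow\b|sys\.sql_logins\b|\ball_users\b"),
    ("database user permissions", r"information_schema\.user_privileges\b|\brole_table_grants\b|sys\.database_permissions\b"),
    ("active connections",        r"information_schema\.processlist\b|\bpg_stat_activity\b|sys\.dm_exec_sessions\b|\bv\$session\b"),
]
COMPILED = [(stage, re.compile(rx, re.IGNORECASE)) for stage, rx in STAGE_PATTERNS]

# Parser for the constructed log format above.
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) stmt=(?P<stmt>.*)$")


def classify(stmt):
    """Return the enumeration stages a single SQL statement corresponds to."""
    return [stage for stage, rx in COMPILED if rx.search(stmt)]


def parse_line(line):
    """Split one audit log line into its fields, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def analyze(log_text):
    """Group statements by (db account, client ip) and collect the distinct
    enumeration stages each session touched, in order of first appearance."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["user"], rec["src"])
        for stage in classify(rec["stmt"]):
            if stage not in sessions[key]:
                sessions[key].append(stage)
    return dict(sessions)


def flagged_sessions(log_text, min_stages=3):
    """A lone version probe is common from ORMs and drivers, so only sessions
    that walk several stages of the checklist are flagged; that progression is
    what a working injection point being enumerated looks like in the log."""
    return [(key, stages) for key, stages in analyze(log_text).items()
            if len(stages) >= min_stages]


if __name__ == "__main__":
    for (user, src), stages in flagged_sessions(SAMPLE_AUDIT_LOG):
        print(f"{user}@{src}: enumeration stages observed -> {', '.join(stages)}")
```

Run against the constructed sample, the `webapp` account from 10.0.0.5 is flagged with six stages (version, current user, databases, tables, table schemas, database users) while the `reporting` account is not. The per-session ordering is kept deliberately: the order in which the stages appear is itself evidence of the methodology above, and is worth preserving in an incident timeline alongside the screenshots the page insists on.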
