Database Penetration Test Process/Checklist

  • [ ] Scan for default ports used by the database
  • [ ] Scan for nondefault ports used by the database
  • [ ] Identify the instance names used by the database.
  • [ ] Identify the version number of the database
  • [ ] Sniff database-related traffic on the local wire.
    • [ ] Test Microsoft SQL Server
      • [ ] Test for direct access interrogation
      • [ ] Scan for MSSQL Server Ports (TCP/UDP 1433)
      • [ ] Scan for MSSQL Resolution Service
      • [ ] Test for buffer overflows in extended stored procedures
      • [ ] Test for service account registry key.
      • [ ] Test for SQL injection attack vulnerability.
      • [ ] Test for blind SQL injection attack vulnerability
      • [ ] Test for vulnerability to Google hacks
      • [ ] Attempt direct-exploit attacks
      • [ ] Try to retrieve server account list
      • [ ] Use osql to test for default/common passwords.
      • [ ] Try to retrieve the sysxlogins table
      • [ ] Brute-force the SA account.
    • [ ] Test Oracle Server
      • [ ] Port-scan UDP/TCP ports (TCP/UDP 1433)
      • [ ] Check the status of TNS Listener Running on the Oracle Server.
      • [ ] Try to log in using default account passwords.
      • [ ] Try to enumerate SIDs
    • [ ] Test MySQL Server
      • [ ] Port-scan UDP/TCP ports
      • [ ] Extract the version of the database being used.
      • [ ] Try to log in using default/common passwords
      • [ ] Use a dictionary attack to try to break into accounts
      • [ ] Extract system and user tables from the database.