Archive | Database Hacking

Advertisements


04 December 2015 | 1,184 views

VTech Hack – Over 7 Million Records Leaked (Children & Parents)

And once again, the messy technical flaws of a company are being exposed with the recent VTech hack – it’s really not looking good for them with account passwords ‘secured’ with unsalted md5 hashes and all kinds of private information being leaked includes parents addresses, kids birthdays, genders, secret answers and associated meta-data (IP addresses, […]

Continue Reading


28 March 2015 | 2,479 views

Onapsis Bizploit v1.50 – SAP Penetration Testing Framework

Onapsis Bizploit is an SAP penetration testing framework to assist security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized SAP security assessment. The framework currently ships with many plugins to assess the security of SAP Business Platforms. Additional plugins are available for broader platform support including Oracle. Nowadays, most organizations which […]

Continue Reading


26 January 2015 | 2,219 views

OAT – Oracle Auditing Tools For Database Security

Oracle Auditing Tools is a tool kit that could be used to audit security within Oracle database servers. OAT uses CREATE LIBRARY to be able to access the WinExec function in the kernel32.dll in Windows or the system call in libc on Un*x. Having access to this function makes it possible to execute anything on […]

Continue Reading


04 July 2014 | 7,686 views

ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that test Oracle database security remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a valid Oracle account on a database and want […]

Continue Reading


14 May 2014 | 2,080 views

Navy Sys Admin Hacks Into Databases From Aircraft Carrier

So this story caught my eye and I found it pretty interesting as it reads like something out of a Tom Clancy novel crossed with a bunch of script kiddies, a Navy Sys Admin has been charged with conspiracy to hack – the interesting part was that he hacked the Navy (whilst working there..) and […]

Continue Reading


06 November 2013 | 3,202 views

aidSQL – PHP Application For SQL Injection Detection & Exploitation

aidSQL a PHP application provided for detecting security holes in your website/s. It’s a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. The tool provides pen-testing capabilities for MS-SQL 2000, MySQL 5 and the author promises to add Oracle 10g support – but that doesn’t seem […]

Continue Reading


29 August 2012 | 4,771 views

1 Million Accounts Leaked From Banks, Government Agencies & Consultancy Firms

Seems like some hactivists have been working hard, 1 million accounsts were leaked over the weekend from some pretty serious sources by the group Team GhostShell – who are affiliated with Anonymous. It seems like these weren’t particularly complex or technically adept multi-layer attacks, they were carried out via the most common avenue – SQL […]

Continue Reading


28 June 2012 | 13,783 views

The Mole v0.3 Released For Download – Automatic SQL Injection Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. All you need to do is provide a vulnerable URL and a valid string on the site you are testing and The Mole will detect the injection and exploit it, either by using the union technique or a boolean query based technique. We did mention The […]

Continue Reading


12 June 2012 | 22,285 views

MySQL 1 Liner Hack Gives Root Access Without Password

The latest news that has hit the streets is the occurence of the easiest hack ever, if you have local shell access (any user privelege level) and you can connect to MySQL – you can get root access to MySQL within a few seconds. I tried this yesterday on one of my servers on Ubuntu […]

Continue Reading


15 February 2012 | 22,915 views

xSQLScanner – Database Password Cracker & Security Audit Tool For MS-SQL & MySQL

xSQL Scanner is a advanced SQL audit tool that allows users to find weak passwords and vulnerabilities on MS-SQL and MySQL database servers. The objective of xSQLScanner is to assist the Security Analyst or Penetration Tester in auditing the security of MS-SQL and MySQL database servers. Features Test for weak password fast; Test for wear/user […]

Continue Reading


Advertisements