Penetration testing

Kali Linux: Top 5 tools for database security assessments

July 13, 2021 by Mosimilolu Odusanya

With the increasing size of data generated by organizations and the growing number of attacks and database breaches. Organizations today overlook their databases without realizing that one of the goals of a malicious individual is to gain access to their data (typically their crown jewels). Some popular data breaches where the SQL injection vulnerability was exploited to gain access to customer data include Freepik, Heartland Payment Systems (cost $300 million), Talk Talk and Archos. 

There are many benefits of carrying out a database security assessment and there are five tools available on Kali Linux for performing a database security assessment in your IT environment.

Benefits of database security assessments

A database security assessment aims to review the IT environment and identify security vulnerabilities on their databases and review the security controls implemented. Some of the benefits of carrying out a database security assessment include:

  • It enables a proactive security approach.
  • It provides an accurate representation of the organization’s IT environment at any given time.
  • It highlights existing security weaknesses and vulnerabilities in configurations and IT environments which can lead to data breaches, malicious infiltration and more.
  • It assesses and validates the security measures and mechanisms already implemented.
  • It helps organizations to meet legal, regulatory and compliance requirements (e.g., ISO27001).
  • It evaluates the effectiveness of security policies and procedures.

Top 5 database security assessment tools on Kali Linux

1. SQLMap

SQLMap is an advanced and automatic open-source Python-based SQL injection tool. It is used in automating the process of detecting and exploiting SQL injection vulnerabilities and taking full control of database servers. Some of its features include:

  • Can be used across several database engines including Oracle, MSSQL, MySQL, PostgreSQL and more.
  • Can be used to detect and exploit various types of injection attacks such as boolean-based blind SQL injection, error-based SQL injection, UNION query SQL injection, stacked queries SQL injection and time-based blind SQL injection.
  • Can be used to brute-force password hashes.
  • Can be used to upload or download files from the database (only works on MYSQL, PostgreSQL and MSSQL servers).
  • Can be used to execute arbitrary commands and retrieve their standard output (only works on MYSQL, PostgreSQL and MSSQL servers).
  • Can be used to connect directly to the database without passing via a SQL injection by providing the database details such as DBMS credentials, IP address, port and database name.
  • Can be customized.
  • Supports various authentication protocols such as Basic, Digest, NTLM and Certificate.
  • Can be used to fingerprint the backend database software version and underlying operating system fingerprint.

SQLMap

2. SQLNinja

SQLNinja is a specialized Perl-based tool used for exploiting SQL injection vulnerabilities on a web application that uses Microsoft SQL server as its backend. It provides remote access to the vulnerable DB server and is used to help automate the process of taking over a DB server when a SQL injection vulnerability has been discovered. Some of its features include:

  • Can be used on Linux, FreeBSD and Mac operating systems.
  • Can be used to fingerprint the remote SQL server (including its version, user performing the queries, user privileges, xp-cmdshell availability and DB authentication mode).
  • Can be used for data extraction.
  • Can be used to upload executables, via normal HTTP requests, vbscript or debug.exe.
  • Cannot be used to detect the existence of an injection vulnerability, however, when detected, it can be used to exploit the vulnerability to gain access to the detectable.
  • Can be used to brute force the “sa” password using dictionary attacks and incremental attacks.
  • Can be used for privilege escalation to the sysadmin group if the “sa” password has been found.

SQLNinja

3. BBQSQL

BBQSQL is an open-source python-based blind SQL injection framework. It is used for exploiting SQL injection vulnerabilities, especially the blind SQL vulnerability. Some of its features include:

  • Can be customizable.
  • Can be used to assess web applications and patch vulnerabilities detected by the tool.
  • It is automatic and very fast in detecting and exploiting hard-to-find and difficult blind SQL injection vulnerabilities present in an application.
  • Carries out input validation on all configuration options.
  • Can be used to create a custom query and injection syntax.
  • Database agnostic.
  • Can be configured to use either a binary or frequency search technique.
  • It can also be customized to look for specific values in the HTTP response from the application to determine if the SQL injection worked.
  • Requires certain information before it can be used such as URL, HTTP Method, Headers, Cookies, Encoding methods and more.

 

4. JSQL injection

JSQL injection is a java-based application used to find database information from a remote server. It can be used to find and exploit SQL injection vulnerabilities. Some of its features include:

  • Can be used on Windows, Linux and Mac operating systems.
  • Can be used across 33 database engines including Oracle, MSSQL, MySQL, PostgreSQL and more.
  • Can be used to carry various injection attacks such as normal injection, blind injection, error injection and time injection.
  • Can be used to create a web shell and SQL shell on a remote host.
  • Can be used to search for admin pages.
  • Can be used to hash, encode and decode text.
  • Can be used to authenticate using basic, digest, NTLM and Kerberos.
  • Can be used to brute-force hashes.

JSQL injection

5. OScanner

OScanner is a java-based Oracle assessment framework. It comes with plugins with many features. The results are given in a graphical java tree format. Some of its features include:

  • Can be used for SID enumeration.
  • Can be used for brute-forcing passwords.
  • Can be used to enumerate the version of Oracle, account roles, account privileges and password policies.
  • Can be used to enumerate audit information and database links.

OScanner

Keep databases safe with these Kali Linux tools

Databases are a key component of the IT environment of any organization as they house critical and sensitive data utilized by the organization. It is therefore essential that security measures and controls are put in place to protect. It is also important to evaluate the current configurations, security measures, controls, policies and procedures implemented to determine their effectiveness.

 

Sources:

  1.     Kali Linux Tools Listing, Kali
  2.     JSQL-Injection, GitHub
  3.     SQLMap, GitHub
  4.     BBQSQL, GitHub
  5.     SQL Server & Injection Tool, SQLNinja
Posted: July 13, 2021
Articles Author
Mosimilolu Odusanya
View Profile

Mosimilolu (or 'Simi') works as a full-time cybersecurity consultant, specializing in privacy and infrastructure security. Outside of work, her passions includes watching anime and TV shows and travelling.

Leave a Reply

Your email address will not be published. Required fields are marked *