3.3. database honeypot
Database honeypot by design
@GiftsUngiven @cyberpunkych
Vote
Vote
Pre-history
bla bla bla
Data analysis
Bro, don't forget to put on your glasses; what follows is hacker truth
Data analysis #1: client request
LOAD DATA LOCAL INFILE "C:\\Windows\\system32\\drivers\\etc\\hosts" INTO TABLE mysql.test
Data analysis #2: server response
Data analysis #3: client answer
Data analysis #?
What if we skip the client request and just send the server response to get a file for any request?
Data analysis #?
Data analysis #!
1 – client sends ‘select’ query request
2 – server sends response ‘I want a file’
3 – client sends file content
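The three-step exchange above is why a client (or a network sensor) should compare a server's file request with the query that was actually sent. An added example, not code from the slides or from the Rogue-MySql-Server project: a Python check run over constructed packet captures. The function names and sample packets are assumptions; 0x03 and 0xFB are the MySQL protocol's COM_QUERY command byte and LOCAL INFILE request marker.

```python
import re

COM_QUERY = 0x03             # client command byte for a text query
LOCAL_INFILE_REQUEST = 0xFB  # first payload byte of the server's "send me this file" reply
LOAD_LOCAL = re.compile(
    rb"\s*LOAD\s+DATA\s+(?:LOW_PRIORITY\s+|CONCURRENT\s+)?LOCAL\s+INFILE\s+(['\"])(.*?)\1",
    re.I | re.S)

def frame(seq, payload):
    """Build one packet: 3-byte little-endian length, 1-byte sequence id, payload."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def first_payload(stream):
    """Return the payload of the first packet in a captured byte string."""
    length = int.from_bytes(stream[:3], "little")
    payload = stream[4:4 + length]
    if len(stream) < 4 or len(payload) != length:
        raise ValueError("truncated packet")
    return payload

def audit(client_bytes, server_bytes):
    """Return a finding if the server asks for a file the client did not offer."""
    request, response = first_payload(client_bytes), first_payload(server_bytes)
    if response[:1] != bytes([LOCAL_INFILE_REQUEST]):
        return None                      # OK, ERR or result set: nothing to check
    wanted = response[1:]                # rest of the payload is the file name
    query = request[1:] if request[:1] == bytes([COM_QUERY]) else b""
    match = LOAD_LOCAL.match(query)
    if match is None:
        return "unsolicited file request: %r" % wanted
    # Simplification: only doubled backslashes are unescaped from the SQL literal.
    offered = match.group(2).replace(b"\\\\", b"\\")
    if offered != wanted:
        return "file name mismatch: offered %r, server asked for %r" % (offered, wanted)
    return None

# Constructed captures (not taken from the slides' screenshots).
HOSTS = rb"C:\Windows\system32\drivers\etc\hosts"
LOAD_QUERY = frame(0, b"\x03" + rb'LOAD DATA LOCAL INFILE '
                   rb'"C:\\Windows\\system32\\drivers\\etc\\hosts" INTO TABLE mysql.test')
SELECT_QUERY = frame(0, b"\x03SELECT @@version")
FILE_REPLY = frame(1, b"\xfb" + HOSTS)
OK_REPLY = frame(1, b"\x00\x00\x00\x02\x00\x00\x00")

if __name__ == "__main__":
    for name, c, s in [("load/file", LOAD_QUERY, FILE_REPLY),
                       ("select/ok", SELECT_QUERY, OK_REPLY),
                       ("select/file", SELECT_QUERY, FILE_REPLY)]:
        print(name, "->", audit(c, s))
```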
Profit!
- A little bit of scripting language to automate the process
- A lot of fun
Remember me? Now you know what to do!
Honeypot?
Want to hack my MySQL? Okay… I will exchange your requests for your files.
Please, run ‘msfconsole’ under root.
Python solves all problems
• https://github.com/Gifts/Rogue-MySql-Server
Whhyyyyyy?
Good guy Ares
We: MiTM?
Ares: No problems!
http://intercepter.nerf.ru/
http://intercepter.nerf.ru/dev.exe
Good guy Ares
Is it vulnerable?
Thnx.
questions?