Nmap Penetration Testing Guide: Database Penetration Testing

Updated: 2024-10-10 17:22:57


  • I. Database penetration testing
    • Key points of this chapter
    • Scripts used in this chapter
    • 1. MySQL: enumerating databases
      • Parameters:
      • Note:
    • 2. Enumerating MySQL variables
      • Parameters:
      • Steps
      • Analysis
    • 3. Checking MySQL passwords
      • Parameters:
      • Steps
      • Analysis
      • Note:
    • 4. Auditing MySQL passwords
      • Parameters:
      • Steps
      • Analysis
    • 5. Auditing MySQL security configuration
      • Parameters:
      • Steps
      • Analysis
    • 6. Auditing Oracle passwords
      • Parameters:
      • Steps
      • Analysis
    • 7. Auditing msSQL passwords
      • Parameters:
      • Steps
    • 8. Checking for empty msSQL passwords
      • Parameters:
      • Steps
    • 9. Reading msSQL data
      • Parameters:
      • Steps
      • Analysis
    • 10. Executing system commands via msSQL
      • Parameters:
      • Steps
      • Analysis
    • 11. Auditing PgSQL passwords
      • Parameters:
      • Steps
      • Analysis


I. Database penetration testing

Key points of this chapter

  • MySQL: enumerating databases

  • Enumerating MySQL variables

  • Checking MySQL passwords

  • Auditing MySQL passwords

  • Auditing MySQL security configuration

  • Auditing Oracle passwords

  • Auditing msSQL passwords

  • Checking msSQL passwords

  • Reading msSQL data

  • Executing system commands via msSQL

  • Auditing PgSQL passwords

This chapter introduces the use of Nmap scripts for database penetration testing. Nmap scripts cover essentially every area, and support for databases is naturally among them. After working through this chapter, the reader will understand what Nmap can do for database security.

Scripts used in this chapter

The table below lists the Nmap commands needed in this chapter; the author has compiled it for the reader's convenience.

Script options (names) needed in this chapter

Script                  Description
mysql-databases         MySQL: enumerate databases
mysql-variables         Enumerate MySQL variables
mysql-empty-password    Check MySQL passwords (empty password)
mysql-brute             Audit MySQL passwords
mysql-audit             Audit MySQL security configuration
oracle-brute            Audit Oracle passwords
ms-sql-brute            Audit msSQL passwords
ms-sql-empty-password   Check for empty msSQL passwords
ms-sql-tables           Read msSQL data
ms-sql-xp-cmdshell      Execute system commands via msSQL
pgsql-brute             Audit PgSQL passwords

1. MySQL: enumerating databases

Parameters:

mysql-databases

Use the command "nmap -p 3306 --script mysql-databases --script-args mysqluser=root,mysqlpass=123456 target" to enumerate the MySQL databases.

[root@localhost yum.repos.d]# nmap -p3306 --script mysql-databases --script-args mysqluser=root,mysqlpass=123456 192.168.10.129
Starting Nmap 6.40 (  ) at 2023-10-19 14:41 CST
Nmap scan report for 192.168.10.129
Host is up (0.00018s latency).
PORT     STATE SERVICE
3306/tcp open  mysql
| mysql-databases:
|   information_schema
|   mysql
|   performance_schema
|_  sys
MAC Address: 00:0C:29:DA:86:03 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds

Analysis
If we already know the account and password of the target MySQL instance, we can easily obtain all of its databases. If the target's database port has been changed, we also need to use -p to specify the corresponding port; mysqluser specifies the target database account and mysqlpass the target database password (if the password is empty, nothing needs to be written after it); finally, point the command at the target IP address.

[root@localhost yum.repos.d]# nmap -p 3310 --script mysql-databases --script-args mysqluser=root,mysqlpass 192.168.10.129
Starting Nmap 6.40 (  ) at 2023-10-19 14:41 CST
Nmap scan report for 192.168.10.129
Host is up (0.00018s latency).
PORT     STATE SERVICE
3306/tcp open  mysql
| mysql-databases:
|   information_schema
|   mysql
|   performance_schema
|_  sys
MAC Address: 00:0C:29:DA:86:03 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds

From the results above, the target MySQL instance has 4 databases: information_schema, mysql, performance_schema and sys. We could also connect directly to the target database to inspect them, but that requires a suitable client environment; using the Nmap script directly is quite convenient. This capability is not unique to Nmap: Metasploit also has a corresponding module for listing databases.

Note:

When entering multi-line data in Nmap, you do not need to press Enter to break lines; Nmap handles the line breaks of multi-line data automatically.

2. Enumerating MySQL variables

Parameters:

mysql-variables

Steps

Use the command "nmap -p 3306 --script=mysql-variables target" to enumerate the target's MySQL variables.

[root@localhost yum.repos.d]# nmap -p 3306 --script mysql-databases --script-args mysqluser=root,mysqlpass=123456 --script=mysql-variables 192.168.10.129
Starting Nmap 6.40 (  ) at 2023-10-19 14:48 CST
Nmap scan report for 192.168.10.129
Host is up (0.00028s latency).
PORT     STATE SERVICE
3306/tcp open  mysql
| mysql-databases:
|   information_schema
|   mysql
|   performance_schema
|_  sys
| mysql-variables:
|   auto_generate_certs: ON
|   auto_increment_increment: 1
|   auto_increment_offset: 1
|   autocommit: ON
|   automatic_sp_privileges: ON
|   avoid_temporal_upgrade: OFF
|   back_log: 80
|   basedir: /usr/
|   big_tables: OFF
|   bind_address: *
|   binlog_cache_size: 32768
|   binlog_checksum: CRC32
|   binlog_direct_non_transactional_updates: OFF
|   binlog_error_action: ABORT_SERVER
|   binlog_format: ROW
|   binlog_group_commit_sync_delay: 0
|   binlog_group_commit_sync_no_delay_count: 0
|   binlog_gtid_simple_recovery: ON
|   binlog_max_flush_queue_time: 0
|   binlog_order_commits: ON
|   binlog_row_image: FULL
|   binlog_rows_query_log_events: OFF
|   binlog_stmt_cache_size: 32768
|   binlog_transaction_dependency_history_size: 25000
|   binlog_transaction_dependency_tracking: COMMIT_ORDER
|   block_encryption_mode: aes-128-ecb
|   bulk_insert_buffer_size: 8388608
|   character_set_client: latin1
|   character_set_connection: latin1
|   character_set_database: latin1
|   character_set_filesystem: binary
|   character_set_results: latin1
|   character_set_server: latin1
|   character_set_system: utf8
|   character_sets_dir: /usr/share/mysql/charsets/
|   check_proxy_users: OFF
|   collation_connection: latin1_swedish_ci
|   collation_database: latin1_swedish_ci
|   collation_server: latin1_swedish_ci
|   completion_type: NO_CHAIN
|   concurrent_insert: AUTO
|   connect_timeout: 10
|   core_file: OFF
|   datadir: /var/lib/mysql/
|   date_format: %Y-%m-%d
|   datetime_format: %Y-%m-%d %H:%i:%s
|   default_authentication_plugin: mysql_native_password
|   default_password_lifetime: 0
|   default_storage_engine: InnoDB
|   default_tmp_storage_engine: InnoDB
|   default_week_format: 0
|   delay_key_write: ON
|   delayed_insert_limit: 100
|   delayed_insert_timeout: 300
|   delayed_queue_size: 1000
|   disabled_storage_engines:
|   disconnect_on_expired_password: ON
|   div_precision_increment: 4
|   end_markers_in_json: OFF
|   enforce_gtid_consistency: OFF
|   eq_range_index_dive_limit: 200
|   error_count: 0
|   event_scheduler: OFF
|   expire_logs_days: 0
|   explicit_defaults_for_timestamp: OFF
|   external_user:
|   flush: OFF
|   flush_time: 0
|   foreign_key_checks: ON
|   ft_boolean_syntax: + -><()~*:""&|
|   ft_max_word_len: 84
|   ft_min_word_len: 4
|   ft_query_expansion_limit: 20
|   ft_stopword_file: (built-in)
|   general_log: OFF
|   general_log_file: /var/lib/mysql/localhost.log
|   group_concat_max_len: 1024
|   gtid_executed_compression_period: 1000
|   gtid_mode: OFF
|   gtid_next: AUTOMATIC
|   gtid_owned:
|   gtid_purged:
|   have_compress: YES
|   have_crypt: YES
|   have_dynamic_loading: YES
|   have_geometry: YES
|   have_openssl: YES
|   have_profiling: YES
|   have_query_cache: YES
|   have_rtree_keys: YES
|   have_ssl: YES
|   have_statement_timeout: YES
|   have_symlink: DISABLED
|   host_cache_size: 279
|   hostname: localhost.localdomain
|   identity: 0
|   ignore_builtin_innodb: OFF
|   ignore_db_dirs:
|   init_connect:
|   init_file:
|   init_slave:
|   innodb_adaptive_flushing: ON
|   innodb_adaptive_flushing_lwm: 10
|   innodb_adaptive_hash_index: ON
|   innodb_adaptive_hash_index_parts: 8
|   innodb_adaptive_max_sleep_delay: 150000
|   innodb_api_bk_commit_interval: 5
|   innodb_api_disable_rowlock: OFF
|   innodb_api_enable_binlog: OFF
|   innodb_api_enable_mdl: OFF
|   innodb_api_trx_level: 0
|   innodb_autoextend_increment: 64
|   innodb_autoinc_lock_mode: 1
|   innodb_buffer_pool_chunk_size: 134217728
|   innodb_buffer_pool_dump_at_shutdown: ON
|   innodb_buffer_pool_dump_now: OFF
|   innodb_buffer_pool_dump_pct: 25
|   innodb_buffer_pool_filename: ib_buffer_pool
|   innodb_buffer_pool_instances: 1
|   innodb_buffer_pool_load_abort: OFF
|   innodb_buffer_pool_load_at_startup: ON
|   innodb_buffer_pool_load_now: OFF
|   innodb_buffer_pool_size: 134217728
|   innodb_change_buffer_max_size: 25
|   innodb_change_buffering: all
|   innodb_checksum_algorithm: crc32
|   innodb_checksums: ON
|   innodb_cmp_per_index_enabled: OFF
|   innodb_commit_concurrency: 0
|   innodb_compression_failure_threshold_pct: 5
|   innodb_compression_level: 6
|   innodb_compression_pad_pct_max: 50
|   innodb_concurrency_tickets: 5000
|   innodb_data_file_path: ibdata1:12M:autoextend
|   innodb_data_home_dir:
|   innodb_deadlock_detect: ON
|   innodb_default_row_format: dynamic
|   innodb_disable_sort_file_cache: OFF
|   innodb_doublewrite: ON
|   innodb_fast_shutdown: 1
|   innodb_file_format: Barracuda
|   innodb_file_format_check: ON
|   innodb_file_format_max: Barracuda
|   innodb_file_per_table: ON
|   innodb_fill_factor: 100
|   innodb_flush_log_at_timeout: 1
|   innodb_flush_log_at_trx_commit: 1
|   innodb_flush_method:
|   innodb_flush_neighbors: 1
|   innodb_flush_sync: ON
|   innodb_flushing_avg_loops: 30
|   innodb_force_load_corrupted: OFF
|   innodb_force_recovery: 0
|   innodb_ft_aux_table:
|   innodb_ft_cache_size: 8000000
|   innodb_ft_enable_diag_print: OFF
|   innodb_ft_enable_stopword: ON
|   innodb_ft_max_token_size: 84
|   innodb_ft_min_token_size: 3
|   innodb_ft_num_word_optimize: 2000
|   innodb_ft_result_cache_limit: 2000000000
|   innodb_ft_server_stopword_table:
|   innodb_ft_sort_pll_degree: 2
|   innodb_ft_total_cache_size: 640000000
|   innodb_ft_user_stopword_table:
|   innodb_io_capacity: 200
|   innodb_io_capacity_max: 2000
|   innodb_large_prefix: ON
|   innodb_lock_wait_timeout: 50
|   innodb_locks_unsafe_for_binlog: OFF
|   innodb_log_buffer_size: 16777216
|   innodb_log_checksums: ON
|   innodb_log_compressed_pages: ON
|   innodb_log_file_size: 50331648
|   innodb_log_files_in_group: 2
|   innodb_log_group_home_dir: ./
|   innodb_log_write_ahead_size: 8192
|   innodb_lru_scan_depth: 1024
|   innodb_max_dirty_pages_pct: 75.000000
|   innodb_max_dirty_pages_pct_lwm: 0.000000
|   innodb_max_purge_lag: 0
|   innodb_max_purge_lag_delay: 0
|   innodb_max_undo_log_size: 1073741824
|   innodb_monitor_disable:
|   innodb_monitor_enable:
|   innodb_monitor_reset:
|   innodb_monitor_reset_all:
|   innodb_numa_interleave: OFF
|   innodb_old_blocks_pct: 37
|   innodb_old_blocks_time: 1000
|   innodb_online_alter_log_max_size: 134217728
|   innodb_open_files: 2000
|   innodb_optimize_fulltext_only: OFF
|   innodb_page_cleaners: 1
|   innodb_page_size: 16384
|   innodb_print_all_deadlocks: OFF
|   innodb_purge_batch_size: 300
|   innodb_purge_rseg_truncate_frequency: 128
|   innodb_purge_threads: 4
|   innodb_random_read_ahead: OFF
|   innodb_read_ahead_threshold: 56
|   innodb_read_io_threads: 4
|   innodb_read_only: OFF
|   innodb_replication_delay: 0
|   innodb_rollback_on_timeout: OFF
|   innodb_rollback_segments: 128
|   innodb_sort_buffer_size: 1048576
|   innodb_spin_wait_delay: 6
|   innodb_stats_auto_recalc: ON
|   innodb_stats_include_delete_marked: OFF
|   innodb_stats_method: nulls_equal
|   innodb_stats_on_metadata: OFF
|   innodb_stats_persistent: ON
|   innodb_stats_persistent_sample_pages: 20
|   innodb_stats_sample_pages: 8
|   innodb_stats_transient_sample_pages: 8
|   innodb_status_output: OFF
|   innodb_status_output_locks: OFF
|   innodb_strict_mode: ON
|   innodb_support_xa: ON
|   innodb_sync_array_size: 1
|   innodb_sync_spin_loops: 30
|   innodb_table_locks: ON
|   innodb_temp_data_file_path: ibtmp1:12M:autoextend
|   innodb_thread_concurrency: 0
|   innodb_thread_sleep_delay: 10000
|   innodb_tmpdir:
|   innodb_undo_directory: ./
|   innodb_undo_log_truncate: OFF
|   innodb_undo_logs: 128
|   innodb_undo_tablespaces: 0
|   innodb_use_native_aio: ON
|   innodb_version: 5.7.43
|   innodb_write_io_threads: 4
|   insert_id: 0
|   interactive_timeout: 28800
|   internal_tmp_disk_storage_engine: InnoDB
|   join_buffer_size: 262144
|   keep_files_on_create: OFF
|   key_buffer_size: 8388608
|   key_cache_age_threshold: 300
|   key_cache_block_size: 1024
|   key_cache_division_limit: 100
|   keyring_operations: ON
|   large_files_support: ON
|   large_page_size: 0
|   large_pages: OFF
|   last_insert_id: 0
|   lc_messages: en_US
|   lc_messages_dir: /usr/share/mysql/
|   lc_time_names: en_US
|   license: GPL
|   local_infile: ON
|   lock_wait_timeout: 31536000
|   locked_in_memory: OFF
|   log_bin: OFF
|   log_bin_basename:
|   log_bin_index:
|   log_bin_trust_function_creators: OFF
|   log_bin_use_v1_row_events: OFF
|   log_builtin_as_identified_by_password: OFF
|   log_error: /var/log/mysqld.log
|   log_error_verbosity: 3
|   log_output: FILE
|   log_queries_not_using_indexes: OFF
|   log_slave_updates: OFF
|   log_slow_admin_statements: OFF
|   log_slow_slave_statements: OFF
|   log_statements_unsafe_for_binlog: ON
|   log_syslog: OFF
|   log_syslog_facility: daemon
|   log_syslog_include_pid: ON
|   log_syslog_tag:
|   log_throttle_queries_not_using_indexes: 0
|   log_timestamps: UTC
|   log_warnings: 2
|   long_query_time: 10.000000
|   low_priority_updates: OFF
|   lower_case_file_system: OFF
|   lower_case_table_names: 0
|   master_info_repository: FILE
|   master_verify_checksum: OFF
|   max_allowed_packet: 4194304
|   max_binlog_cache_size: 18446744073709547520
|   max_binlog_size: 1073741824
|   max_binlog_stmt_cache_size: 18446744073709547520
|   max_connect_errors: 100
|   max_connections: 151
|   max_delayed_threads: 20
|   max_digest_length: 1024
|   max_error_count: 64
|   max_execution_time: 0
|   max_heap_table_size: 16777216
|   max_insert_delayed_threads: 20
|   max_join_size: 18446744073709551615
|   max_length_for_sort_data: 1024
|   max_points_in_geometry: 65536
|   max_prepared_stmt_count: 16382
|   max_relay_log_size: 0
|   max_seeks_for_key: 18446744073709551615
|   max_sort_length: 1024
|   max_sp_recursion_depth: 0
|   max_tmp_tables: 32
|   max_user_connections: 0
|   max_write_lock_count: 18446744073709551615
|   metadata_locks_cache_size: 1024
|   metadata_locks_hash_instances: 8
|   min_examined_row_limit: 0
|   multi_range_count: 256
|   myisam_data_pointer_size: 6
|   myisam_max_sort_file_size: 9223372036853727232
|   myisam_mmap_size: 18446744073709551615
|   myisam_recover_options: OFF
|   myisam_sort_buffer_size: 8388608
|   myisam_stats_method: nulls_unequal
|   myisam_use_mmap: OFF
|   mysql_native_password_proxy_users: OFF
|   net_buffer_length: 16384
|   net_read_timeout: 30
|   net_retry_count: 10
|   net_write_timeout: 60
|   new: OFF
|   ngram_token_size: 2
|   offline_mode: OFF
|   old: OFF
|   old_alter_table: OFF
|   old_passwords: 0
|   open_files_limit: 5000
|   optimizer_prune_level: 1
|   optimizer_search_depth: 62
|   optimizer_switch: \xA9\x01index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,engine_condition_pushdown=on,index_condition_pushdown=on,mrr=on,mrr_cost_based=on,block_nested_loop=on,batched_key_access=off,materialization=on,semijoin=on,loo
|   n=on,firstmatch=on,duplicateweedout=on,subquery_materialization_cost_based=on,use_index_extension: =on,condition_fanout_filter=on,derived_merge=on,prefer_ordering_index=on)\x00\x00P\x0Foptimizer_trace\x18enabled=off,
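The variable dump above is only useful once someone reads it for weak settings. As an added example (not from the original page and not the mysql-audit script's own rule set), the Python below parses the "| mysql-variables:" block from Nmap's output and flags the security-relevant values; the sample block is constructed from values seen in the scan above and the list of checks is the editor's own selection.

```python
import re

# Constructed excerpt of the "| mysql-variables:" block printed by
# nmap --script mysql-variables (values as seen in the scan above).
SAMPLE_OUTPUT = """\
| mysql-variables:
|   bind_address: *
|   local_infile: ON
|   have_ssl: YES
|   default_password_lifetime: 0
|   log_bin: OFF
|_  block_encryption_mode: aes-128-ecb
"""

# (variable, is_risky(value), reason) -- settings a reviewer would flag
CHECKS = [
    ("bind_address", lambda v: v in ("*", "0.0.0.0", "::"),
     "listens on every interface; bind to a specific address"),
    ("local_infile", lambda v: v.upper() == "ON",
     "LOAD DATA LOCAL enabled; a rogue server can read client-side files"),
    ("have_ssl", lambda v: v.upper() != "YES",
     "TLS unavailable; credentials cross the wire in the clear"),
    ("default_password_lifetime", lambda v: v == "0",
     "passwords never expire"),
    ("log_bin", lambda v: v.upper() == "OFF",
     "binary logging off; no point-in-time recovery after tampering"),
    ("block_encryption_mode", lambda v: v.lower().endswith("-ecb"),
     "AES-ECB leaks plaintext patterns; use a CBC or GCM mode"),
]

def parse_variables(text):
    """Return {name: value} from the mysql-variables block of nmap output."""
    variables, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("| mysql-variables:"):
            in_block = True
            continue
        if not in_block:
            continue
        m = re.match(r"^\|_?\s+(\w+):\s*(.*)$", line)
        if m:
            variables[m.group(1)] = m.group(2).strip()
        if line.startswith("|_"):     # "|_" marks the last line of a block
            break
    return variables

def audit(variables):
    """Return (name, value, reason) for every risky setting present."""
    return [(n, variables[n], why) for n, risky, why in CHECKS
            if n in variables and risky(variables[n])]
```

Feed it the saved output of a real scan (for example via `nmap -oN`) and print the tuples audit() returns to get a short list of settings to fix on the server.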

Published: 2023-12-07 19:34:53
Link: https://www.elefans.com/category/jswz/34/1671650.html