darkcybe
  • 👋whoami
  • Security Operations
    • 💉Threat Mangement
      • Identify
        • Developing a Security Program
        • Governance, Risk, and Compliance (GRC)
        • Security Architecture
      • Protect
        • Vulnerability Mangement
        • Identity and Access Management (IAM)
        • Zero Trust
    • 👩‍💻Threat Detection
      • Detect
        • Continuous Monitoring & Security Operations Center (SOC)
        • Cyber Threat Intelligence (CTI)
    • 🚒Threat Response
      • Respond
        • Digital Forensics and Incident Response (DFIR)
      • Recover
  • Offensive Security Operations
    • 🎯Penetration Testing
      • Techniques
        • MITRE ATT&CK
          • Reconnaissance
          • Resource Development
            • T1608 - Stage Capabilities
              • Staging Malware and Tools on Kali Linux
          • Initial Access
          • Execution
          • Persistence
          • Privilege Escalation
          • Defense Evasion
          • Credential Access
          • Discovery
          • Lateral Movement
          • Collection
          • Command and Control
          • Exfiltration
          • Impact
        • CAPEC
          • 100 - Overflow Buffers
          • 66 - SQL Injection
          • 94 - Adversary-in-the-Middle (AiTM)
          • 252 - PHP Local File Inclusion (LFI)
          • 560 - Use of Known Domain Credentials
          • 644 - Use of Captured Hashes (Pass-the-Hash (PtH))
          • 633 - Token Impersonation
        • Technology Focused
          • Cloud
            • Amazon Web Services (AWS)
            • Google Cloud Platform (GCP)
          • Network Protocols and Services
            • Port 20/21 - FTP
            • Port 22 - SSH
            • Port 23 - Telnet
            • Port 25 - SMTP
            • Port 53 - DNS
            • Port 80 - HTTP
            • Port 110/995 - POP3
            • Port 135/593 - MSRPC
            • Port 137-139 - NetBIOS
            • Port 143/993 - IMAP
            • Port 443 - HTTPS
            • Port 445 - SMB
            • Port 3389 - RDP
            • Port 5355 - LLMNR
            • ARP
            • Databases
              • Port 1433/1434 - MSSQL
              • Port 3306 - MySQL/MariaDB
            • DHCP
          • Web
            • PHP
          • Windows
            • Active Directory
          • Wireless
          • Linux
      • Offensive Security Tools
    • 🚩Capture The Flag (CTF)
  • Guides
    • 🔍DFIR
      • Evidence Artifacts
        • Event Logs
        • Windows
          • Evidence of...
            • Account Usage
            • File Download
            • Program Execution
            • External Device Activity
            • File and Folder Interaction
            • Lateral Movement
            • Network and Browser History
      • DFIR Tools
        • Malware and File Analysis
          • Sigcheck
          • DensityScout
        • Memory Forensics
          • Volatility
        • Program Execution
          • PeCmd
          • WxTcmd
          • AmcacheParser
          • JumpListExplorer (JLE)
          • AppCompatCacheParser
          • SrumECmd
        • DFIR Toolkits
          • Registry Explorer
          • Incident Timelines
      • Theat Analysis
        • Analysis
          • iOS Popup Scam
        • Emulation
    • 🥷Ethical Hacking
      • Exploitation
      • Post-Exploitation
      • Reporting and Documentation
    • ⛳CTF Walkthroughs
      • 📦Hack The Box (HTB)
        • 🚶HTB Walkthroughs
    • 👷‍♀️Security Engineering
      • Building a Cybersecurity Home Lab
        • Step 1: Lab Design and Architecture
        • Step 2: Installing and Configuring VMware ESXi 8
        • Step 3: Installing the OPNsense Firewall
        • Step 4: Configuring OPNsense Firewall Rules
  • General Resources
    • 🐳Deep Dives
      • Public Key Infrastructure (PKI)
    • 🐍Programming
      • Python
    • 🏋️Training
      • 🗓️Study Methodology
    • 🥠Semi-Pro Tips
      • Linux
      • Windows
      • Resources
Powered by GitBook
On this page
  • Relational Databases
  • SQL Injection
  • Non-Relational Databases
  1. Offensive Security Operations
  2. Penetration Testing
  3. Techniques
  4. Technology Focused
  5. Network Protocols and Services

Databases

PreviousARPNextPort 1433/1434 - MSSQL

Last updated 2 years ago

Relational and Non-Relational databases are a valuable target for attackers, with sensitive information often stored within the database tables such as Personally Identifiable Information (PII) and credentials. There are also several vulnerabilities and misconfigurations that can be exploited by an attacker to gain remote shell access to the host running the platform, privilege escalation and malicious program execution.

Relational Databases

Structured Query Language (SQL) is a language specifically designed for managing structured data within relational database systems and is commonly used as backend storage for many software and web applications. See the post for more background information.

There are multiple relational database management systems (RDBMS), some of the most commonly encountered, their default ports and tool applicability are listed in the below table:

Service
Port
Nmap
MSF
Hydra
SQLmap
Other

MSSQL

1433-1434

X

X

X

X

Crackmapexec Impacket

MySQL/MariaDB

3306

X

X

X

X

Oracle

1521

X

X

X

X

Oscanner ODAT

PostgreSQL

5432

X

X

X

X

SQL Injection

See for verbose information and steps involved in conducting a SQL Injection attack.

Non-Relational Databases

Non-Relational databases store data in a different format than Relational databases that rely on SQL. Non-Relational databases are often categorized as Not Only SQL (NoSQL) and are generally defined as a database that does not use tables, fields, and columns that structured data required. There are a few different categories of Non-Relational databases such as; Document, Key-Value, Graph, File Systems, etc.

As with the various RDBMS solutions, there are a number of Non-Relational systems, some of the most commonly encountered, their default ports and tool applicability are listed in the below table. Other solutions which aren't typically listed as NoSQL databases are added here also, such as Redis and Memcached which are memory storage solutions and Hadoop, NFS, AFP, and iSCSI which are file systems.

Service
Port
Nmap
MSF
Hydra
Other

AFP

548

X

X

X

Cassandra

9042

X

X

Hadoop HDFS

50070 50075 50090

X

Hadoop Mapreduce

50030 50060

X

Memcached

11211

X

X

X

MongoDB

27017

X

X

X

NFS

2049

X

X

NFSshell

Redis

6579

X

X

X

iSCSI

3260

X

Open-iSCSI iSCSIadm

🎯
SQL Overview
CAPEC 66 - SQL Injection