How to hack a Database.

A database is a system of software to store and retrieve information in a structured format. Early databases were flat files, kind of like a big Excel file. As databases got bigger and bigger, this simple structure proved inefficient.

The best way to make sure your database is secure from hackers is to think like a hacker. If you were a hacker, what sort of information would you be looking for? How would you try to get it? There are numerous types of databases and many different ways to hack them, but most hackers will either try to crack the database root password or run a known database exploit. Here comes the Mercury tool, which is used for information gathering on the target.

The Structure of a Database

The relational database model links data from separate tables by using a shared column or “key”. The diagram below shows a simple relational database model in which all the tables are linked by the column “ID”.

Major Vendors in the Database Market

The enterprise database market has multiple vendors offering products that can accomplish the same task, but in different ways. The major players in this market are:

Oracle : They are the behemoth in this market with nearly 50% market share. They own multiple different database software products, including their namesake and MySQL.

Microsoft SQL Server : Microsoft entered this market in the early ’90s by teaming up with Sybase to develop an enterprise database offering. As a result, MS SQL Server and Sybase still share many similarities. Originally, Microsoft was only a player in the small business market, but is slowly gaining traction in the larger enterprise market.

MySQL : This is an open-source database that you will find behind so many web sites, in part, because it’s free.

IBM DB2 : IBM was the original enterprise database provider and made many of the major developments in database design, but like everything about IBM, it has been in decline in recent decades.

Other major vendors include Sybase, SAS, PostgreSQL (open source), and many others. Generally, like any hack, we need to do good recon to determine the software and version to be successful as most of the database hacks are vendor specific.

According to an ethical hacking researcher at the International Institute of Cyber Security, Mercury comes bundled with other information-gathering tools, so you don’t need to install separate tools while testing a web application.

Mercury is one of the tools used to collect information about the target website or database. It consists of various small tools that are used to gather information. For this demonstration we tested the tool on Kali Linux.

  • Before installing this tool make sure you have selenium in your Kali Linux. For that type sudo apt-get update
  • Type sudo apt-get install selenium
  • Type git clone https://github.com/MetaChar/Mercury.git
  • Then type ls
  • Type cd Mercury
  • Type pip install -r requirements.txt
pip install -r requirements.txt
Requirement already satisfied: colorama in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 1))
Collecting hashlib (from -r requirements.txt (line 2))
Using cached https://files.pythonhosted.org/packages/74/bb/9003d081345e9f0451884146e9ea2cff6e4cc4deac9ffd4a9ee98b318a49/hashlib-20081119.zip
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/setuptools/__init__.py", line 12, in <module>
    import setuptools.version
  File "/usr/lib/python2.7/dist-packages/setuptools/version.py", line 1, in <module>
    import pkg_resources
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 36, in <module>
    import email.parser
  File "/usr/lib/python2.7/email/parser.py", line 12, in <module>
    from email.feedparser import FeedParser
  File "/usr/lib/python2.7/email/feedparser.py", line 27, in <module>
    from email import message
  File "/usr/lib/python2.7/email/message.py", line 16, in <module>
    import email.charset
  File "/usr/lib/python2.7/email/charset.py", line 13, in <module>
    import email.base64mime
  File "/usr/lib/python2.7/email/base64mime.py", line 40, in <module>
    from email.utils import fix_eols
  File "/usr/lib/python2.7/email/utils.py", line 27, in <module>
    import random
  File "/usr/lib/python2.7/random.py", line 49, in <module>
    import hashlib as _hashlib
  File "hashlib.py", line 115, in <module>
    f()
TypeError: 'frozenset' object is not callable

----------------------------------------

Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-hK3fYS/hashlib/
  • The above command fails with an error because the hashlib package listed in requirements.txt could not be installed, so not all of the libraries Mercury uses are in place.
  • Some of Mercury's main information-gathering features can still be used.
  • Type python Mercury.py
  • The above is the list of tools used in information gathering.
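The failed install above comes from the hashlib entry in requirements.txt, a name that also belongs to a standard-library module. As an added example (not part of Mercury or of the original article), this check flags requirement names that collide with standard-library modules before anything is installed; the sample file is constructed and its third entry is hypothetical.

```python
import re
import sys

# Constructed sample: colorama and hashlib are the two entries visible in the
# pip output above; the third line is a hypothetical entry added for contrast.
SAMPLE_REQUIREMENTS = """\
colorama
hashlib
requests>=2.20  # hypothetical entry
"""

# sys.stdlib_module_names exists on Python 3.10+; the fallback is a small
# hand-picked subset for older interpreters.
STDLIB = set(getattr(sys, "stdlib_module_names",
                     {"hashlib", "socket", "os", "sys", "json", "random", "email"}))

NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

def stdlib_shadowing(requirements_text):
    """Return (line_number, name) for requirements named like a stdlib module."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), start=1):
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):      # skip blanks and pip options (-r, -e)
            continue
        m = NAME_RE.match(line)
        if not m:
            continue
        name = m.group(1).lower().replace("-", "_")
        if name in STDLIB:
            hits.append((lineno, name))
    return hits

if __name__ == "__main__":
    for lineno, name in stdlib_shadowing(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: '{name}' is already a standard-library module; review before installing")
```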

CHECKING WEBSITE ONLINE/OFFLINE :-

  • Type 5
  • Then type https://hack.me
Enter a choice  ~# 5
Enter a host name include https: https://www.hack.me
Attempt 1 at host: https://www.hack.me: online
Attempt 2 at host: https://www.hack.me: online
Attempt 3 at host: https://www.hack.me: online
Attempt 4 at host: https://www.hack.me: online
Attempt 5 at host: https://www.hack.me: online
  • The above output shows that the target website is online. Mercury tries to ping the target to show that it is online.
  • This is the basic method used in the initial phase of information gathering.

GETTING AN IP ADDRESS OF THE TARGET :-

  • Type 10
  • Type hack.me
Enter a choice  ~# 10
Enter a website url hack.me
74.50.111.244
  • The above command shows the IP address of the target.

CREATING A HASH VALUE OF THE WORD :-

  • Type 12
  • Then type testword or any word of your choice.
Enter a choice  ~# 12
Please Enter a Word/String To Hash: testword
97d7f037cc3360e21991849c0dff4985
  • The above command can be used to create a hash of a target word. The hash can be helpful in other hacking activities.

DOWNLOAD TOOLS USING MERCURY :-

  • Mercury lists many tools that you can download and use in information gathering. Some of these tools are already included in Kali Linux, and some are basic tools that can be used.
  • Type 13
Enter a choice  ~# 13
  • Then type the number of the tool you want to install.
  • Type 6
    [0] Metasploit          [9] Aircrack
    [1] Mercury             [10] Wifite
    [2] Nmap                [11] Hammer
    [3] Lazy script         [12] Xerxes
    [4] fsociety            [13] XSStrike
    [5] Reaver              [14] Wpscan
    [6] InstaBrute          [15] Cupp
    [7] Cl0neMas3r          [16] Hydra
    [8] Sqlmap


    [100] Install All       [99] Exit submenu
Tools ~# 6
  • The tool will then be downloaded and can be used in other hacking activities.

USE MERCURY FOR DOS ATTACK :-

  • Type 23
  • Type 192.168.1.105, the target IP address.
 Enter a choice  ~# 23
Enter an ip address: 192.168.1.105
Bytes Sent to 192.168.1.105
Bytes Sent to 192.168.1.105
Bytes Sent to 192.168.1.105
  • The above command is useful in a DoS attack. DoS is one of the most popular attacks. This method can be used in other hacking activities.

FINDING ADMIN PANEL :-

  • Type 22
  • Then type www.hack.me
  • Type https
Enter a choice  ~# 22
Enter a site to scan just www: www.hack.me
Is the link https or https: https
https://www.hack.me/a
https://www.hack.me/dm
https://www.hack.me/in.
https://www.hack.me/php
https://www.hack.me/
https://www.hack.me/admin.
https://www.hack.me/html
https://www.hack.me/index.ph
https://www.hack.me/p
https://www.hack.me/login.php
https://www.hack.me/
  • The above command tries to find the admin panel of the target. This method can be used in other hacking activities.
  • Mercury uses its own wordlist to build the most common admin panel links.
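From the server's side, a wordlist-driven scan like this shows up as one client requesting many paths that do not exist within a few seconds. As an added example (not from the original article or from Mercury), this detector reads combined-format access-log lines and flags such clients; the log lines, the threshold and the window are constructed for illustration, and the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [31/Dec/2018:04:00:01 +0000] "GET /admin/ HTTP/1.1" 404 209
203.0.113.7 - - [31/Dec/2018:04:00:01 +0000] "GET /admin.php HTTP/1.1" 404 209
203.0.113.7 - - [31/Dec/2018:04:00:02 +0000] "GET /administrator/ HTTP/1.1" 404 209
203.0.113.7 - - [31/Dec/2018:04:00:02 +0000] "GET /login.php HTTP/1.1" 200 1523
203.0.113.7 - - [31/Dec/2018:04:00:03 +0000] "GET /admin.html HTTP/1.1" 404 209
198.51.100.20 - - [31/Dec/2018:04:00:03 +0000] "GET /index.php HTTP/1.1" 200 4811
198.51.100.20 - - [31/Dec/2018:04:05:10 +0000] "GET /favicon.ico HTTP/1.1" 404 209
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def path_guessing_clients(log_text, threshold=4, window=timedelta(seconds=10)):
    """Return {ip: paths} for clients with `threshold` distinct 404 paths inside `window`."""
    recent = defaultdict(deque)   # ip -> (timestamp, path) of recent 404 responses
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "404":
            continue              # only not-found responses count as guesses
        ip, path = m.group(1), m.group(3)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append((ts, path))
        while ts - q[0][0] > window:   # slide the window forward
            q.popleft()
        distinct = sorted({p for _, p in q})
        if len(distinct) >= threshold:
            flagged[ip] = distinct
    return flagged

if __name__ == "__main__":
    for ip, paths in path_guessing_clients(SAMPLE_LOG).items():
        print(f"{ip}: {len(paths)} missing paths probed: {', '.join(paths)}")
```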

USING NMAP IN MERCURY :-

  • Type 14
  • Type y if you have nmap installed; if not, type n.
  • Then type 192.168.1.105
Enter a choice  ~# 14
Have you already installed nmap? y/n y
Enter an ip: 192.168.1.105
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-31 04:00 EST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 04:00
Completed NSE at 04:00, 0.00s elapsed
Initiating NSE at 04:00
Completed NSE at 04:00, 0.00s elapsed
Initiating ARP Ping Scan at 04:00
Scanning 192.168.1.105 [1 port]
Completed ARP Ping Scan at 04:00, 0.07s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 04:00
Completed Parallel DNS resolution of 1 host. at 04:00, 0.09s elapsed
Initiating SYN Stealth Scan at 04:00
Scanning dvwa (192.168.1.105) [1000 ports]
Discovered open port 80/tcp on 192.168.1.105
Discovered open port 443/tcp on 192.168.1.105
Discovered open port 3306/tcp on 192.168.1.105
Discovered open port 21/tcp on 192.168.1.105
Discovered open port 22/tcp on 192.168.1.105
Completed SYN Stealth Scan at 04:00, 0.16s elapsed (1000 total ports)
Initiating Service scan at 04:00
Scanning 5 services on dvwa (192.168.1.105)
Completed Service scan at 04:01, 12.10s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against dvwa (192.168.1.105)
NSE: Script scanning 192.168.1.105.
Initiating NSE at 04:01
Completed NSE at 04:01, 1.58s elapsed
Initiating NSE at 04:01
Completed NSE at 04:01, 0.00s elapsed
Nmap scan report for dvwa (192.168.1.105)
Host is up (0.00100s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.2c
22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu4 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.2.14 ((Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
|_http-favicon: Unknown favicon MD5: 69C728902A3F1DF75CF9EAC73BD55556
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
| http-title: Damn Vulnerable Web App (DVWA) - Login
|_Requested resource was login.php
443/tcp open ssl/http Apache httpd 2.2.14 ((Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
|_http-favicon: Unknown favicon MD5: 69C728902A3F1DF75CF9EAC73BD55556
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
| http-title: Damn Vulnerable Web App (DVWA) - Login
|_Requested resource was login.php
| ssl-cert: Subject: commonName=localhost/organizationName=Apache Friends/stateOrProvinceName=Berlin/countryName=DE
| Issuer: commonName=localhost/organizationName=Apache Friends/stateOrProvinceName=Berlin/countryName=DE
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: md5WithRSAEncryption
| Not valid before: 2004-10-01T09:10:30
| Not valid after: 2010-09-30T09:10:30
| MD5: b181 18f6 1a4d cb51 df5e 189c 40dd 3280
|_SHA-1: c4c9 a1dc 528d 41ac 1988 f65d b62f 9ca9 22fb e711
|_ssl-date: 2018-12-31T09:01:11+00:00; +4s from scanner time.
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_DES_64_CBC_WITH_MD5
| SSL2_RC4_128_WITH_MD5
| SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
| SSL2_DES_192_EDE3_CBC_WITH_MD5
| SSL2_IDEA_128_CBC_WITH_MD5
| SSL2_RC4_128_EXPORT40_WITH_MD5
| SSL2_RC2_128_CBC_WITH_MD5
3306/tcp open mysql MySQL (unauthorized)
MAC Address: 00:0C:29:58:9E:B1 (VMware)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.17 - 2.6.36
Uptime guess: 0.049 days (since Mon Dec 31 02:50:06 2018)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=198 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel


Host script results:
|_clock-skew: mean: 3s, deviation: 0s, median: 3s

TRACEROUTE
HOP RTT ADDRESS
1 1.00 ms dvwa (192.168.1.105)


NSE: Script Post-scanning.
Initiating NSE at 04:01
Completed NSE at 04:01, 0.00s elapsed
Initiating NSE at 04:01
Completed NSE at 04:01, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.90 seconds
Raw packets sent: 1020 (45.626KB) | Rcvd: 1016 (41.358KB)

The above command uses nmap and shows the open ports, MAC address, OS and the other information that nmap normally shows.

The above information can be used in other hacking activities, say ethical hacking professors.
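The same report doubles as a remediation list for the host's owner. As an added example (not part of Mercury, nmap or the original article), this parser walks nmap's normal text output and reports the hardening issues it finds per open port; the sample is a constructed, trimmed copy of the scan above, and the set of database service names is an assumption.

```python
import re
from datetime import datetime

# Constructed excerpt: a trimmed copy of the scan report shown above.
SAMPLE_REPORT = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-31 04:00 EST
80/tcp open http Apache httpd 2.2.14
|_ httponly flag not set
443/tcp open ssl/http Apache httpd 2.2.14
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: md5WithRSAEncryption
| Not valid after: 2010-09-30T09:10:30
| SSLv2 supported
3306/tcp open mysql MySQL (unauthorized)
"""

PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+(\S+)")
DB_SERVICES = {"mysql", "postgresql", "ms-sql-s", "oracle", "oracle-tns"}  # assumed list

def triage(report):
    """Return sorted (port, issue) pairs for hardening issues visible in an nmap report."""
    started = re.search(r"\) at (\d{4}-\d{2}-\d{2})", report)
    scan_day = datetime.strptime(started.group(1), "%Y-%m-%d") if started else None
    issues, port, key_type = set(), None, None
    for line in report.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, key_type = int(m.group(1)), None
            if m.group(2) in DB_SERVICES:
                issues.add((port, "database listener exposed to the scanning network"))
            continue
        if port is None or not line.startswith("|"):
            continue  # only NSE script lines under an open port are inspected
        text = line.lstrip("|_ ").strip()
        if text.startswith("Public Key type:"):
            key_type = text.split(":", 1)[1].strip()
        elif text.startswith("Public Key bits:"):
            if key_type == "rsa" and int(text.split(":", 1)[1]) < 2048:
                issues.add((port, "RSA certificate key shorter than 2048 bits"))
        elif re.match(r"Signature Algorithm: (md5|sha1)", text):
            issues.add((port, "certificate signed with MD5 or SHA-1"))
        elif text.startswith("Not valid after:"):
            expiry = datetime.strptime(text.split(":", 1)[1].strip(), "%Y-%m-%dT%H:%M:%S")
            if scan_day and expiry < scan_day:
                issues.add((port, "certificate expired before the scan date"))
        elif text in ("httponly flag not set", "SSLv2 supported"):
            issues.add((port, text))  # NSE already words these as findings
    return sorted(issues)
```

Each returned pair maps to one fix on the scanned host: bind or firewall the database port, disable SSLv2, reissue the certificate, and set HttpOnly on the session cookie.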

Disclaimer: this article is strictly for educational purpose and not to be used for any unlawful act.
