How to solve the problem of MSSQL database being attacked

2025-04-02 Update. From: SLTechnology News&Howtos (Development)


Shulou (Shulou.com) 06/03 Report

This article looks at how to deal with attacks on MSSQL databases. The methods introduced here are simple, fast and practical, so interested readers may wish to follow along as the editor walks through how to respond when a MSSQL database is attacked.

Preface

The annual test of network security construction results is about to begin. In the most critical battle of the network security attack and defense drills, office applications, web middleware and databases are the main targets of attackers. Because they are so widely deployed, databases are often one of the attackers' preferred targets.

Take Microsoft SQL Server as an example. In addition to the common SQL injection vulnerabilities, attackers also use some "unexpected" tactics that turn the original strengths of SQL Server into a breakthrough point for the attack. For example, given the corresponding permissions, an attacker can use the powerful stored procedures of SQL Server to perform various advanced functions, and can attack the user's database system by adding SQL Server database users and maintaining their privileges. These "uncommon" database attacks and the defender's response to them are described in detail below.

Overview of SQL Server

SQL Server is a relational database management system (RDBMS) developed by Microsoft and one of the most popular DBMSs on the market. It has a wide range of uses, from storing the content of a personal blog to storing customer data.

Prior to version 2017, SQL Server was only available for Windows. One of the biggest changes in SQL Server 2017 is that it is now also available on Linux and in Docker containers, which means you can run SQL Server on a Mac as well.

Available versions of SQL Server

Version / Description

Enterprise Edition: runs only on the Windows Server operating system. Suitable for large production database servers where speed and availability have high priority. Provides features such as replication and online analytical processing (OLAP) services, which may increase the security risk.

Standard Edition: similar to Enterprise Edition, but lacks virtual interface system area network (VI SAN) support and some advanced OLAP features.

Personal Edition: intended for workstations and laptops, not servers. Designed to support up to five database users.

Developer Edition: aimed at developers; it has functionality similar to Enterprise Edition, but that does not mean it may be run in a real production environment.

Client / server database system

SQL Server is a client / server database management system (DBMS). This allows many different clients to connect to the SQL Server instance at the same time, and each of these clients can connect through a different tool.

For example, one client may use a graphical tool such as SQL Server Management Studio (SSMS), while another may use a command-line tool such as sqlcmd. At the same time, a website may connect to SQL Server from its web application, and there may be many other clients that connect with their own tools for their own purposes.

The main advantage of a client / server DBMS is that multiple users can access it at the same time, each with a specific level of access. If the database administrator has configured the corresponding permissions, any client connected to SQL Server can only access the databases it is allowed to access and can only perform the tasks it is allowed to perform. All of this is controlled from within SQL Server itself.

SQL Server is a set of Windows services that run on the operating system in the context of a service account. Each time you install a SQL Server instance, you actually install a set of Windows services with a unique name. The SQL Server account types are:

Windows account.

SQL Server login (inside SQL Server).

Database user (SQL Server internal).

Windows accounts and SQL Server logins are used to log in to SQL Server. Unless it is a system administrator, a SQL Server login must be mapped to a database user before it can access the data. Database users are created separately, at the database level.

The common roles of SQL Server are:

Sysadmin role: SQL Server administrator.

Public role: least privileged, similar to the everyone group in Windows.

For more information, please refer to https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/server-level-roles?view=sql-server-2017
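The login-to-user mapping and the two roles above are the levers a defender controls. The following T-SQL is an added example (not from the article): it creates a least-privilege login, maps it to a read-only database user, and audits who holds sysadmin, since an attacker who adds users and "maintains privileges" will aim for that role. The login name app_reader, the database SalesDB and the password are placeholders.

```sql
-- Added example: least-privilege login/user mapping and a sysadmin audit.
-- app_reader, SalesDB and the password are assumed placeholder values.
USE master;
GO
-- 1. A SQL Server login only authenticates; on its own it grants nothing
--    beyond what the public role allows.
CREATE LOGIN app_reader WITH PASSWORD = '<strong-password-here>', CHECK_POLICY = ON;
GO
USE SalesDB;
GO
-- 2. Map the login to a database user; without this mapping the login
--    cannot enter the database at all (unless it is a sysadmin).
CREATE USER app_reader FOR LOGIN app_reader;
-- 3. Grant only the fixed database role the application really needs.
ALTER ROLE db_datareader ADD MEMBER app_reader;
GO
-- 4. Verify the result from the login's own point of view: the server-level
--    permission list should contain nothing beyond CONNECT SQL / VIEW ANY DATABASE.
EXECUTE AS LOGIN = 'app_reader';
SELECT permission_name FROM fn_my_permissions(NULL, 'SERVER');
REVERT;
GO
-- 5. Audit: every member of sysadmin bypasses the login -> user mapping,
--    so this list should be short and every entry explainable.
SELECT m.name AS login_name, m.type_desc, m.is_disabled, m.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON rm.role_principal_id = r.principal_id
JOIN sys.server_principals AS m ON rm.member_principal_id = m.principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.create_date DESC;
GO
```

Sorting the sysadmin list by create_date puts recently added logins first, which is where an unexpected account added by an attacker would show up.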

TDS protocol

The Tabular Data Stream (TDS) protocol is an application-layer protocol for the interaction between a database server and its clients. It is used by Microsoft SQL Server and by Sybase database products.

TDS Version / Supported Products

4.2: Sybase SQL Server < 10 and Microsoft SQL Server 6.5

5.0: Sybase SQL Server >= 10

7.0: Microsoft SQL Server 7.0

7.1: Microsoft SQL Server 2000

7.2: Microsoft SQL Server 2005

For a detailed analysis of the protocol structure, please refer to http://freetds.cvs.sourceforge.net/checkout/freetds/freetds/doc/tds.html

Note that the features described above may be turned into "breakthroughs" by attackers.

The following is a brief introduction to some common ways the attack surface of SQL Server is used.

SQL Server dangerous stored procedure xp_cmdshell

Query whether the xp_cmdshell stored procedure exists

xtype is the object type column; xtype='X' means the object is an extended stored procedure.

SELECT * FROM master.dbo.sysobjects WHERE xtype = 'X' AND name = 'xp_cmdshell'

The following T-SQL determines whether xp_cmdshell is enabled.

DECLARE @RunningOnACluster char(1)
DECLARE @xp_cmdshell_available char(1)
DECLARE @result int
SET @xp_cmdshell_available = 'Y'
SET @result = 0
-- Is this instance part of a failover cluster?
SELECT @RunningOnACluster = CASE WHEN CONVERT(int, SERVERPROPERTY('IsClustered')) = 1 THEN 'Y' ELSE 'N' END
-- value_in_use = 0 means xp_cmdshell is currently disabled
IF (0 = (SELECT value_in_use FROM sys.configurations WHERE name = 'xp_cmdshell'))
    SET @xp_cmdshell_available = 'N'
IF @RunningOnACluster = 'Y'
BEGIN
    -- @result is never set to 1 above, so this branch is a no-op as written
    IF @result = 1
        IF @xp_cmdshell_available = 'N'
            SELECT @result = 2
END
-- @xp_cmdshell_available carries the actual answer ('Y' = enabled, 'N' = disabled)
SELECT @xp_cmdshell_available AS xp_cmdshell_enabled, @result AS result
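From the defender's side, knowing that xp_cmdshell exists and is enabled leads to three questions: who else can execute it, how to turn it off, and how to notice if someone turns it back on. The following T-SQL is an added example (not the article's script) that answers each in turn; the error log search relies on the "Configuration option 'xp_cmdshell' changed" message that SQL Server writes whenever sp_configure changes the setting.

```sql
-- Added example: check, disable and watch xp_cmdshell from the defender's side.
-- 1. Current state: value_in_use = 1 means OS commands can be run as the
--    SQL Server service account by any sysadmin or any principal granted EXECUTE.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';
GO
-- 2. Explicit EXECUTE grants on xp_cmdshell live in master; non-sysadmin
--    grantees here are the ones a privilege-maintaining attacker would add.
SELECT pr.name AS grantee, pr.type_desc, pe.permission_name, pe.state_desc
FROM master.sys.database_permissions AS pe
JOIN master.sys.database_principals AS pr ON pe.grantee_principal_id = pr.principal_id
WHERE pe.major_id = OBJECT_ID('master.dbo.xp_cmdshell');
GO
-- 3. Disable it when nothing legitimate depends on it. The option is dynamic,
--    so RECONFIGURE applies the change without a restart.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
GO
-- 4. Detection: every sp_configure change to xp_cmdshell is written to the
--    SQL Server error log, e.g. "Configuration option 'xp_cmdshell' changed
--    from 0 to 1. Run the RECONFIGURE statement to install." Searching the
--    current log (0) of type SQL (1) for that text shows who re-enabled it
--    and when; run this on a schedule and alert on any hit.
EXEC xp_readerrorlog 0, 1, N'Configuration option ''xp_cmdshell'' changed';
GO
```

Step 4 only covers the current error log; pass 1, 2, ... as the first argument to search older archived logs after a log cycle.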
