Database Hacking Part — 1

Update: This article is part of a series. Check out the full series: Part 1, Part 2, Part 3, Part 4!

Tutorial 1 — Hello World! Let’s UDCC

We welcome you to the course of “database hacking”. Generally speaking, if you want to audit anything or you want to perform analysis on any object or any system then it is understood that you are a subject matter expert of that object or system and that is why you have been asked to do such analysis.

Similarly, without any doubts, the same goes for IT Security or you can include ethical hacking and penetration testing. Now a question that may come to mind is “why”?

You cannot hack into any system or application or any server until and unless you have enough knowledge and experience in such a system, application or server. And this is the basic, as well as the mandatory, requirement for security researchers or ethical hackers.

An expert ethical hacker or penetration tester has enough experience in all types of known and commonly used technologies and this covers the following as a minimum requirement:

● Networking devices like routers, switches, firewalls

● Linux / Unix Operating Systems

● Microsoft Operating Systems

If a security professional doesn’t have enough experience in the above technologies then the industry will not consider him or her as an expert. Also, if you want to be successful in the field of information security auditing or core ethical hacking then you should have enough knowledge base for the above listed technologies.

However, this workshop is dedicated to “database hacking” hence we will be talking about databases only and some related technologies which are important to it. Now back to the point that you cannot hack into “something” which you don’t know and this is common sense. Therefore, in this workshop we will first build some knowledge base and then we will move towards hacking into databases. Let’s begin!

Before we understand databases, you might have a question in your mind, what is data? Well we can define data as anything which can be stored, processed in tangible or intangible form.

Example: A person has a name, date of birth, address, and mobile number. Now, information about this person would be termed as data. So these attributes or properties or known things about this person is considered data.

Okay, now the question is how is this data stored? Broadly there can be two ways as follows:

● Stored in an organized form

● Stored in an unorganized form

Great, so when the data is stored in an organized form, it is called a database. And this organization of data can happen in different ways depending on who is organizing the data. We will connect this to something later in the course so please keep a note of here.

Now you need this database to be kept somewhere and you need a service which can help in retrieving this data and can perform processing of different types when it is required or requested by anyone. To accomplish this task “a computer program that provide these type of services either to different other services or users is termed as a database server”. And on a broader scale you can have a complete database management system that is termed as DBMS.

Different companies or vendors designed different database serves and this why the way these servers works are different and differ in many features, however, how the data is retrieved and stored is more or less similar.

Now to talk to the database you need a language in which these database servers speak and this language is called Structured Query Language (SQL).

SQL is simple to learn and this is the language which is used to query all databases and this is the most important language for a security researcher to learn and have enough experience with as this language is spoken and understood by all databases regardless of which vendor database server is implemented on your client side. If you are good in SQL then you can go deeper in hacking that database server.

So far, we have covered what is data and databases and we have also explained SQL to an extent, which is required in this workshop for users who are new to understand these terminologies. We will now first see how you can access these databases although you know SQL, which is the database language, but there is room for communication, as well, like how and where you want to talk to this database server.

Accessing Database Servers

You can access these servers by means of direct access, which we will call backend and this is were you directly execute SQL statements to access a database. Developers and programmers mostly use this. However, an end user may access these servers in an unnoticed fashion when an end user accesses any application which requires connectivity with this backend database server and performs certain queries which are developed as part of this application.

You went to an ecommerce website and created your profile first; the forms you completed have your information and the web page on which you complete the form has a backend connectivity with the database server. So when you completed the form and hit the submit button all of your information goes into that database.

Types of Database Servers

You can find many different vendors available in the industry providing database servers. We will list the well known and most commonly used ones in the industry:

Out of these, the most commonly used are Microsoft SQL Server, Oracle and MYSQL. In our workshop we will focus on first and last will leave Oracle behind.

It’s worthwhile if we put a little light on these servers so that you can grab basic info about them before moving on from basic topics.

We are not in this workshop to learn about databases only, but we want to learn how to hack these database servers so we are not going to explain how these servers work or how you can use them, however, we will present a quick tutorial on how you can setup your home lab for practicing the hacking part on these servers. Those of you don’t have any prior experience with database administration will definitely get the flavor of it.

So far we have been discussing the databases, how information is stored and how it can be accessed. Now let’s put all these things together in a structured or appropriate manner to make the things easy for us to understand and also highlight how the industry works.

The overall database management system (DBMS) depends heavily on the architecture, that means how things will be working in the DBMS environment. We will talk about the most commonly used approach in the industry.

Before we outline the architecture, let’s see what makes the DBMS architecture, as we know that database servers hold data and provide services. End users have needs for accessing these services, as an example. Moreover, they use some applications to talk to backend database servers so this phenomenon gives us a three-tier approach that holds the following three layers.

These three layers, or tiers, form the three-tier database architecture which is shown as follows in a diagrammatic form to present the high level concept about the database architecture, we will also present the function of each tier or layer later.

Presentation Layer (tier)

Users also know about this tier or layer as the end users sit on this layer. End users don’t know anything beyond this layer, however, they can have different types of views or access to this tier.

This is the middle layer in between the first and last layer. Its main function is to provide connectivity so that the top and last layer can talk to each other, but the database tier, basically the application tier, acts like an end user and the database tier doesn’t worry about anything beyond that.

This is where all the data lives with all the relationships to the data that is present; it can have multiple databases running on this layer.

Cool, these are the general concepts that you should understand properly before we move to the next module. This forms the core of database hacking tricks or techniques otherwise you would just be using the tools and not have background knowledge on how these database servers work or the tools to perform the certain actions.

In the next module we will be focused on understanding the structured query language (SQL) and then we will start learning the hacking techniques and tricks to hack into databases from the next module. See you in the next module.

Originally published at