Database honeypot by design

1. Vote
2. Vote
3. Database honeypot by design @GiftsUngiven @cyberpunkych
4. Pre-history
5.
6.
7. bla bla bla
8. Data analysis
9. Data analysis #1: client request
   LOAD DATA LOCAL INFILE "C:\\Windows\\system32\\drivers\\etc\\hosts" INTO TABLE mysql.test
10. Data analysis #2: server response
11. Data analysis #3: client answer
12. Data analysis #? What if we skip the client request and just send the server response, to get a file for any request?
13. Data analysis #?
14. Data analysis #!
    1. The client sends a SELECT query request.
    2. The server sends an "I want a file" response.
    3. The client sends the file content.
15. Profit!
    - A little bit of script language to automate the process
    - A lot of fun
16. Remember me? Now you know what to do!
17. Honeypot? Want to hack my MySQL? Okay, I will exchange your requests for your files. Please, run msfconsole under root.
18. Whhyyyyyy?
19. Good guy Ares. We: MiTM? Ares: No problems!
20. Good guy Ares
21. Is it vulnerable?
22. Thanks. Questions?
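The condition in slides 12 to 14, a file request arriving in answer to a query that never offered a file, can be checked on the client side or in a protocol-aware monitor. The following is an added example, not code from the talk: the function names are hypothetical, the packets are constructed samples, and it assumes the standard MySQL framing (3-byte little-endian length plus sequence id) with `0x03` marking a query command and `0xFB` marking the server's file request.

```python
import re
import struct

COM_QUERY = 0x03         # first payload byte of a client query command
LOCAL_INFILE_REQ = 0xFB  # first payload byte of a server "send me this file" response

# Captures the quoted file name of a LOAD DATA LOCAL INFILE statement.
LOAD_LOCAL = re.compile(
    rb"""^\s*LOAD\s+DATA\s+(?:LOW_PRIORITY\s+|CONCURRENT\s+)?LOCAL\s+INFILE\s+(['"])(.*?)\1""",
    re.I | re.S,
)


def frame(seq, payload):
    """Wrap a payload in the 4-byte packet header (3-byte LE length + sequence id)."""
    return struct.pack("<I", len(payload))[:3] + bytes([seq]) + payload


def unframe(packet):
    """Return (sequence id, payload) of exactly one packet; raise on a bad length."""
    if len(packet) < 4:
        raise ValueError("short packet")
    if int.from_bytes(packet[:3], "little") != len(packet) - 4:
        raise ValueError("length field does not match payload")
    return packet[3], packet[4:]


def classify(query_packet, response_packet):
    """Judge one query/response pair from the client's point of view."""
    _, query = unframe(query_packet)
    _, response = unframe(response_packet)
    if not response or response[0] != LOCAL_INFILE_REQ:
        return "ok"                  # not a file request at all
    if not query or query[0] != COM_QUERY:
        return "unsolicited"
    match = LOAD_LOCAL.match(query[1:])
    if match is None:
        return "unsolicited"         # server asks for a file the client never offered
    # Simplification: SQL string escapes in the literal are not decoded before comparing.
    if match.group(2) != response[1:]:
        return "filename-mismatch"   # server asks for a different path than the query named
    return "ok"


# Constructed sample packets (not captured traffic).
SELECT_Q = frame(0, b"\x03SELECT 1")
LOAD_Q = frame(0, b"\x03LOAD DATA LOCAL INFILE '/tmp/report.csv' INTO TABLE t")
FILE_REQ = frame(1, b"\xfb/tmp/report.csv")
```

A client that refuses to answer anything other than an "ok" verdict, or that connects with local-infile support disabled, does not hand over files in the exchange the slides describe.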