Introduction to Pen Testing SQL Server (ISSA KY Workshop)
Text to Speech
Author: Jeremy Druin
Twitter @webpwnized
Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized!
Description: Pen testing, auditing, and remediating Microsoft SQL Server 2008 by Jeremy Druin (Twitter: @webpwnized) from the Kentuckiana ISSA Monthly Workshop - January 2012 - Parts 1 and 2 (Edited together).
Recorded and edited by Adrian Crenshaw. This video covers pen-testing databases such as SQL Server, Oracle, and MySQL. While the demonstrations are exclusively done on SQL Server 2008, the concepts transfer to other vendor products. There was difficulty with the first demo on password cracking due to formatting of the password hashes from the syslogins table. This is solve later in the video by taking the hashes from the sqllogins table and trying again. The original Scapy demo failed since the UDP source port was set to 53/DNS (Scapy's default port for UDP). Later in the video the demo worked when the source port was changed to 10000, 1000, and 54.
The webpwnized YouTube channel is dedicated to information security, security testing and ethical hacking. There is an emphasis on web application security but many other topics are covers. Some of these include forensics, network security, security testing tools and security testing processes. The channel provides videos to encourage software developers and system administrators to perform security testing. Also, the channel educates the next generation of security testers and bug bounty hunters who want to respectfully, legally and ethically help system owners that allow security testing.
2013-01-09 02:20:50
source
Gloss