Database Assignment

10/29/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=c1a5fa72-d61f-41e8-a484-21538d03353f&course_i… 1/3

20%

8%

SafeAssign Originality Report
Database Security - 202051 - CRN139 - Zarenejad • Week 2 Paper

Total Score: 28% (Medium risk)
Bhargav Choudary Alaparthi
Submission UUID: 74a31a49-d551-edf9-af6d-70627808a61a

Total Number of Reports: 1
Highest Match: 28% (Week #2 Assignment (SQLmap).docx)
Average Match: 28%
Submitted on: 10/29/20 09:54 PM EDT
Average Word Count: 661 (Highest: Week #2 Assignment (SQLmap).…)

Attachment 1: 28%

Internet (6): sectechno, cyberpunk, offensive-security, acunetix, securenetworksitc, appknox

Institutional database (3): Student paper, Student paper, Student paper

Top sources (3)

Excluded sources (0)

Word Count: 661 Week #2 Assignment (SQLmap).docx

2 sectechno 8 Student paper 7 cyberpunk

Source Matches (9)

Student paper 100% sectechno 63%

SQLmap. Bhargav Alaparthi. New England College.

SQL Map

SQL map is an open-source pen-testing tool that helps in automating the sequence of detecting and making use of SQL injection weaknesses and taking over the tested databases. The tool comes with a very powerful perception engine, many opportunistic features for the chief pen tester, and a wider range of switches which may include fingerprinting, over data acquisition from a database, to get the niche filesystem, and running the commands on an OS through the out of band connections.

Features of SqlMap

The sqlmap is made in a special way which enables it not only to find the bugs but also to make the exploitation of the vulnerability. The scanner, out of the box, comes with greater functionalities, starting from defining the database management system, to creating an immediate dump data, and finalizing with the acquiring the access to a system and accessing the files on the targeted node to run the remote command on the given server. Some of the features of the tool are as follows.

Privilege escalation

The sqlmap supports the database series in user and privilege escalation by use of the Metasploit’s Meterpreter getsystem command. Here one may find that his session is only limited to certain user rights. This tends to in a great measure limit that can be performed by the user on the remote systems such as the installation of backdoors, manipulation of the registries, websites dumping among others. By the use of the Metasploit meterpreter getsystem, one can apply various techniques to attempt to escalate the privileges on the remote system. Also, by the use of other local exploits, one can do the privilege escalation.

SQL injection

The SQL map can be used to perform several types of SQL injection. The SQL injection can be categorized into three parts, i.e., In-band SQLi, Out-of-band-SQLi, and inferential SQL. The In-band SQLi (classic SQLi) comes into play when the attacker is capable of using the same communication media to start an attack and also to acquire the results. In-band SQLi is further divided into error-based SQLi and union-based SQLi. Inferential SQLi (Blind SQLi): here the hacker is capable of reconstructing the database form by sending the malware in payloads or maybe by observing the web application response and the server too. Out-of-Band SQLi is the exact opposite of In-band SQLi.

DBMS support

The sqlmap supports different types of database management systems, i.e., MySQL, Oracle, DB2, Sybase, Firebird, SQLite, PostgreSQL, Microsoft SQL Server, Microsoft Access among others. The tool also supports the direct connection to the database without passing through the SQL injection as it provides the required DBMS crucial information such as the database name, IP address, and other credentials on the same. With the software included, it also supports the execution of commands and the acquisition of standard results on the installed operating system.

Authentication

The sqlmap tool supports the automated recognition of hash format in a password and also enables one to crack them by use of various methods such as the dictionary-based attack. Also, it supports the enumeration of users, columns and rows, schemas, roles passwords hashes, and privileges. This gives the attacker an easy way into the sites hence saving much time. It also allows the uploads and downloads of any file that is in the server underlying the operating system when the server software has been installed.

Importance of automated sqlmap

An automated tool is needed so as multiple functions. This tool contains multiple software that works concurrently hence reducing the enormous amount of time one would have taken to crack a password. The tool is very useful as it can support privilege escalation which is an advancement in the previous tools. With the use of an automated tool, one gets a connection to the database without passing through the SQL injection.

1

Student paper

New England College.

Original source

New England College

2

Student paper

The tool comes with a very powerful perception engine, many opportunistic features for the chief pen tester, and a wider range of switches which may include fingerprinting, over data acquisition from a database, to get the niche filesystem, and running the commands on an OS through the out of band connections.

Original source

It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections

offensive-security 64%

acunetix 74%

appknox 69%

securenetworksitc 64%

cyberpunk 71%

Student paper 82%

Student paper 63%

3

Student paper

By the use of the Metasploit meterpreter getsystem, one can apply various techniques to attempt to escalate the privileges on the remote system.

Original source

Fortunately, Metasploit has a Meterpreter script, getsystem, that will use a number of different techniques to attempt to gain SYSTEM level privileges on the remote system

4

Student paper

The SQL injection can be categorized into three parts, i.e, In-band SQLi, Out-of-band-SQLi, and inferential SQL.

Original source

SQL Injection can be classified into three major categories – In-band SQLi, Inferential SQLi and Out-of-band SQLi

5

Student paper

In-band SQLi is further divided into error-based SQLi and union-based SQLi.

Original source

error-based SQLi and union-based SQLi

6

Student paper

Out-of-Band SQLi is the exact opposite of In-band SQLi.

Original source

• In-band SQLi • Inferential (Blind) SQLi • Out-of-band SQLi

7

Student paper

i.e, MySQL,Oracle,DB2, Sybase,Firebird,SQLite,PostgreSQL, Microsoft SQL Server Microsoft Access among others.

Original source

Full support for:MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems

8

Student paper

The tool also supports the direct connection to the database without passing through the SQL injection as it provides the required DBMS crucial information such as the database name, IP address, and other credentials on the same.

Original source

The tool also supports the direct connection of the database without necessarily passing through SQL injection which provides the IP address, the DBMS credentials as well as the database name

9

Student paper

With the use of an automated tool, one gets a connection to the database without passing through the SQL injection.

Original source

The tool further support direct connection to the database without passing through the injection