Decrypting files/hacking database?

appie35 · May 21, 2016, 1:35pm

yo people
i have a question about how web shops databases works. so all our information get saved on a db but where is db saved in a server ? and where in this world are they saved is there any tool with. you can scan it like if you want to hack somthing you gone scan for vulnaribilty’s but with a database i there any spacial tool for it ? like what if some one had a debt on a webshop and he hacked the db’s is it possible to delete everything or encrypt anything. thats my question about database’s.

thanks in advance for your help.

oaktree · May 21, 2016, 2:18pm

Well, there’s SQL Injection and then just taking over the webserver and editing the db.

The_Philosopher · May 21, 2016, 2:26pm

search for vuln on the server & read the config file you will find the db user & pwd, connect to the db & you can download/edite/delete everything ! but the owner can recover everything with the backup unless you have root access you can erase data or encrypt them.

appie35 · May 21, 2016, 3:56pm

but how do i know where the server are en how to scan it with a scan tool or i it like a website can it bey scaned with nikto/nmap and if yes how ??

oaktree · May 21, 2016, 4:35pm

A website is a domain name. A domain name like example.com is just a human-readable substitute for an IP address. Thus, example.com might point to 0.0.0.0. Doing nmap example.com is like doing nmap 0.0.0.0.

appie35 · May 21, 2016, 4:37pm

so when i scan a website it will scan all vulnerability’s for the db ?

oaktree · May 21, 2016, 4:40pm

Not necessarily. If it’s a webserver, it’s likely that the database files are not exposed to the internet directly. Rather, they’d be accessed by the web controller present on the server.

appie35 · May 21, 2016, 4:49pm

so how do i know its a web server ?

oaktree · May 21, 2016, 4:54pm

Is it a server hosting a website?

appie35 · May 21, 2016, 4:57pm

we pretend its a webshop where i don’t know nothing about just that allot of people have debt on that website.

oaktree · May 22, 2016, 12:41am

Wait. If you have malicious intentions, I cannot help you. @appie35

appie35 · May 22, 2016, 12:50pm

no it isnt
that is why i said lets pretend.

oaktree · May 22, 2016, 1:13pm

You’d have to analyze this particular hypothetical transaction service to find its weakpoints.

Things you could possibly do:

SE an employee
Brute force the SSH
SQL Injection

system · January 21, 2018, 12:38am

This topic was automatically closed after 30 days. New replies are no longer allowed.