Decrypting files/hacking database?


(appie) #1

yo people
i have a question about how web shops databases works. so all our information get saved on a db but where is db saved in a server ? and where in this world are they saved is there any tool with. you can scan it like if you want to hack somthing you gone scan for vulnaribilty’s but with a database i there any spacial tool for it ? like what if some one had a debt on a webshop and he hacked the db’s is it possible to delete everything or encrypt anything. thats my question about database’s.

thanks in advance for your help.

(oaktree) #2

Well, there’s SQL Injection and then just taking over the webserver and editing the db.

(The Philosopher) #3

search for vuln on the server & read the config file you will find the db user & pwd, connect to the db & you can download/edite/delete everything ! but the owner can recover everything with the backup unless you have root access you can erase data or encrypt them.

(appie) #4

but how do i know where the server are en how to scan it with a scan tool or i it like a website can it bey scaned with nikto/nmap and if yes how ??

(oaktree) #5

A website is a domain name. A domain name like is just a human-readable substitute for an IP address. Thus, might point to Doing nmap is like doing nmap

(appie) #6

so when i scan a website it will scan all vulnerability’s for the db ?

(oaktree) #7

Not necessarily. If it’s a webserver, it’s likely that the database files are not exposed to the internet directly. Rather, they’d be accessed by the web controller present on the server.

(appie) #8

so how do i know its a web server ?

(oaktree) #9

Is it a server hosting a website?

(appie) #10

we pretend its a webshop where i don’t know nothing about just that allot of people have debt on that website.

(oaktree) #11

Wait. If you have malicious intentions, I cannot help you. @appie35

(appie) #12

no it isnt :joy:
that is why i said lets pretend.

(oaktree) #13

You’d have to analyze this particular hypothetical transaction service to find its weakpoints.

Things you could possibly do:

  • SE an employee
  • Brute force the SSH
  • SQL Injection

(system) #14

This topic was automatically closed after 30 days. New replies are no longer allowed.