As penetration testers, the tools, information, and knowledge we have available to us directly correlate with the number of entry points we can identify and exploit in any environment. The longer we spend researching and developing individual escalation paths, the less time we have for digging into other parts of the network or application. Below we discuss some of the problems we’ve had with SQL injection and its related online resources and introduce our solution to fix them.
Another SQL Injection Wiki?
SQL injections are one of those vulnerabilities that, without a proper knowledge base, can take a surprising amount of time to exploit while still producing meaningful results. When you have to exploit them in multiple Database Management Systems (DBMSs) every week, it becomes tedious to look up all the queries and table names repeatedly. There are many resources on the internet for various injection types and DBMSs, but they only seem to give a cursory overview of the injections and say little about what to do after you successfully exploit one.
One of our Senior Consultants, Alexander Leary, brought up this issue and proposed an idea to Ben Tindell and me earlier this year. Ben, who loves a good wiki, and I, who was terrible at advanced SQL injection, really liked the idea of a comprehensive, centralized knowledge base for SQL injection. Through that exchange the NetSPI SQL Injection Wiki was born. Like other sites, aggregating the basics of injections was important. But we also wanted to document which data is most valuable and where it resides within the various DBMSs, along with the injection techniques used to extract that data, obfuscate queries, pivot further into the internal network, and more. Most importantly, we wanted it all in one easy-to-understand place.
A huge thanks to all those who have already contributed!
We’re excited to be releasing this, and we will continue to work on making it as informative and intuitive as possible. In the meantime, which other vulnerabilities do you spend the most time Googling for exploits? Let us know on Twitter @NetSPI, or by leaving a comment below!
PTaaS is NetSPI’s delivery model for penetration testing. It enables customers to simplify the scoping of new engagements, view their testing results in real time, orchestrate faster remediation, perform always-on continuous testing, and more - all through the Resolve™ vulnerability management and orchestration platform.
We help organizations defend against adversaries by being the best at simulating real-world, sophisticated adversaries with the products, services, and training we provide. We know how attackers think and operate, allowing us to help our customers better defend against the threats they face daily.
At NetSPI, we believe that there is simply no replacement for human-led manual deep dive testing. Our Resolve platform delivers automation to ensure our people spend time looking for the critical vulnerabilities that tools miss. We provide automated and manual testing of all aspects of an organization’s entire attack surface, including external and internal network, application, cloud, and physical security.
Our proven methodology ensures that the client experience and our findings aren’t only as good as the latest tester assigned to your project. That consistency gives our customers assurance that if vulnerabilities exist, we will find them.