Tools and Utilities

Here are some tools and utilities commonly used for practices related to database attacks:

redis-cli

  • A utility used to connect to Redis databases using the command line

Commands

  • Installation

sudo apt install redis

  • Usage

sudo redis-cli
sudo redis-cli -h $hostname #Specify hostname

awscli

  • A utility used to connect to AWS services using the command line

  • It could interact with services such as S3 buckets

Commands

  • Install amazon cli

sudo apt install awscli

  • Configure amazon

sudo aws configure #Set every parameter to temp

  • Access to s3 service

sudo aws --endpoint=http://$url s3 $command #Execute a command on the bucket
sudo aws --endpoint=http://$url s3 ls #List buckets
sudo aws --endpoint=http://$url s3 ls s3://$listedurl #Lists elements in the bucket
sudo aws --endpoint=http://$url s3 cp $file s3://$listedurl #Upload a file to a bucket

sqlmap

  • Detect and take advantage of SQL injection vulnerabilities

Commands

  • Installation

sudo apt install sqlmap

  • Usage

sqlmap -u $URL #Show the sqli vulnerabilities
sqlmap -u "$URL" --dbms $dbname #Specify what database is
sqlmap -r $file.raw #Use a raw petition to set target information
sqlmap -r $file.raw --dump --dbs #Extract information of the databases
sqlmap -r $file.raw --dump --tables #Extract information of the tables
sqlmap -r $file.raw --dump -T $table #Extract information of an specific table
sqlmap -r $file.raw --level $level #Specify intensity level of the attack

Mongocli

  • Utility for connecting to MongoDB databases via the command line

Commands

  • Installation

sudo apt install mongocli

  • Usage

mongo --port $port

Mongosh

  • Adapted utility for connecting to MongoDB databases via the command line, similar to Mongocli but with some extra options

Commands

  • Installation

curl -O https://downloads.mongodb.com/compass/mongosh-2.3.2-linux-x64.tgz
tar xvf mongosh-2.3.2-linux-x64.tgz
mv ./bin/mongosh /usr/local/bin

  • Usage

mongosh mongodb://$IP:$PORT

PostgreSQL

  • Command line utility used to connect or interact with PostgreSQL databases

Commands

  • Installation

sudo apt install postgresql

  • Usage

psql -h $IP #Connect to the PostgreSQL service
psql -h $IP -p $port #Connect specifying a port
psql -h $IP -U $username #Connect specifying a user
PreviousRelated ConceptsNextUseful Tips

Last updated