Hacking Knowledge
  • 🏠​ Homepage
    • Welcome
    • About Me
    • Disclaimer
    • Conventions
  • 🔑Cybersecurity Basics
    • Introduction
    • Vulnerabilities
    • Cyberattacks
      • Cyber Kill Chain
      • Malware
    • Security Models
      • Methodologies
    • Legal Support
    • Career Paths
    • Certifications
    • Related Concepts
  • 🐧Linux
    • Introduction
    • Functional Structure
      • File Permissions
      • Environment Variables
      • Crontabs
    • Commands
      • Operators
    • Useful Shell Resources
    • Related Concepts
  • ⊞ Windows
    • Introduction
    • Functional Structure
      • File Permissions
      • Environment Variables and System Tools
      • System Events
    • Commands
    • Related Concepts
  • 🌐Networks
    • Introduction
    • Networking Frameworks
      • OSI Model
      • TCP/IP Model
    • Protocols
      • ARP
      • TCP
      • NetBIOS
      • SNMP
      • DNS
      • HTTP
      • Telnet
      • FTP
      • TFTP
      • SMB
      • RDP
      • SSH
      • SMTP
      • POP 3
      • IMAP
      • Oracle TNS
      • IPMI
    • Hypervisors
    • Related Concepts
    • Tools and Utilities
  • 🔐Cryptography
    • Introduction
    • Encoding (WIP)
    • Encryption (WIP)
      • Types of encryption (WIP)
      • Methods of Encryption (WIP)
    • Hashing
      • Well-known Hashes (WIP)
    • Related Concepts
    • Tools and Utilities
    • Useful Tips
  • 👣Digital Forensics
    • Introduction
    • Basic Plan
    • Related Concepts
    • Tools and Utilities
    • Useful Tips
  • 🎯Penetration Testing
    • Introduction
    • Categorization
    • Process Stages
      • Pre-engagement
      • Information Gathering
        • OSINT
          • Dorking
          • Searching breach data dumps
        • Enumeration
          • Get information from SSL certificates
          • Retrieve information from IMAP/POP3 servers
          • Redirect HTTP traffic using Feroxbuster and ZAP
          • Mount accesible NFS Shares
          • Bruteforce subdomains
        • Tools and Utilities
        • Useful Tips
      • Vulnerability Assessment
      • Exploitation
        • Tools and Utilities
        • Useful Tips
      • Post-Exploitation
        • Techniques (WIP)
        • Privilege Escalation
          • Linux Privilege Escalation
          • Windows Privilege Escalation
        • Tools and Utilities
        • Useful Tips
      • Lateral Movement
      • Proof-of-Concept
      • Post-engagement
        • Sample Report (WIP)
    • Related Concepts
  • 📡Web Exploitation
    • Introduction
    • OWASP Top 10
      • Broken Access Control
      • Cryptographic Failures
      • Injection
      • Insecure Design
      • Security Misconfiguration
      • Vulnerable and Outdated Components
      • Identification and Authentication Failures
      • Software and Data Integrity Failures
      • Security Logging and Monitoring Failures
      • Server-side Request Forgery
    • Attack Techniques
      • Local File Inclusion
      • Remote File Inclusion
      • Cross-Site Scripting
      • Command injection
      • XXE Injection
      • Abuse File Upload
      • Cross-Site Request Forgery
      • Header Poisoning
      • HTTP Parameter Pollution
      • Content Security Policy Bypass
      • Exposed .htaccess and .htpasswd files
      • Server-Side Request Forgery
      • Server-Side Template Injection
      • Cookie Hijacking
      • Null Byte Poisoning
      • PHP - Abuse PHP Type Juggling
      • PHP - Bypass using filters
      • WordPress - Abuse Theme Configuration on templates
      • WordPress - Getting credentials from configuration files
      • CVE - Log4Shell
    • Related Concepts
    • Tools and Utilities
    • Useful Tips
  • 🗄️Database Attacks
    • Introduction
    • SQL
      • MySQL
      • MSSQL
      • SQLite3
    • Attack Techniques
      • SQL Injection
        • Authentication Bypass
      • NoSQL Injection
      • MS SQL - xp_cmdshell Abuse
      • MongoDB - Impersonation via credentials change
    • Related Concepts
    • Tools and Utilities
    • Useful Tips
  • 👥Active Directory
    • Introduction
    • Related Concepts (WIP)
    • Tools and Utilities (WIP)
    • Useful Tips (WIP)
  • ☁️CLOUD HACKING
    • Introduction
    • Related Concepts
    • Tools and Utilities (WIP)
    • Useful Tips (WIP)
  • 📜Scripting
    • Introduction
    • Reverse Shell
    • Bind shell
    • Web Shell
  • 🚩Practical Skill Development
    • Learning Platforms
      • Hack The Box
      • TryHackMe
      • picoCTF
    • Featured Labs
    • CTF Competitions
  • 📝Write-Ups
    • Introduction
    • HTB Starting Point
      • Meow (Tier 0)
      • Fawn (Tier 0)
      • Dancing (Tier 0)
      • Redeemer (Tier 0)
      • Explosion (Tier 0)
      • Preignition (Tier 0)
      • Mongod (Tier 0)
      • Synced (Tier 0)
      • Appointment (Tier 1)
      • Sequel (Tier 1)
      • Crocodile (Tier 1)
      • Responder (Tier 1)
      • Three (Tier 1)
      • Ignition (Tier 1)
      • Bike (Tier 1)
      • Funnel (Tier 1)
      • Pennyworth (Tier 1)
      • Tactics (Tier 1)
      • Archetype (Tier 2)
      • Oopsie (Tier 2)
      • Vaccine (Tier 2)
      • Unified (Tier 2)
      • Included (Tier 2)
      • Markup (Tier 2)
      • Base (Tier 2)
    • HTB Machines
      • Nibbles (Easy)
      • BountyHunter (Easy)
      • Crafty (Easy)
      • Chemistry (Easy)
    • HTB Challenges
    • HTB Advanced labs
  • Group 1
Powered by GitBook
On this page
  • redis-cli
  • Commands
  • awscli
  • Commands
  • sqlmap
  • Commands
  • Mongocli
  • Commands
  • Mongosh
  • Commands
  • PostgreSQL
  • Commands

Was this helpful?

  1. Database Attacks

Tools and Utilities

Here are some tools and utilities commonly used for practices related to database attacks:

redis-cli

  • A utility used to connect to Redis databases using the command line

Commands

  • Installation

sudo apt install redis

  • Usage

sudo redis-cli
sudo redis-cli -h $hostname #Specify hostname

awscli

  • A utility used to connect to AWS services using the command line

  • It could interact with services such as S3 buckets

Commands

  • Install amazon cli

sudo apt install awscli

  • Configure amazon

sudo aws configure #Set every parameter to temp

  • Access to s3 service

sudo aws --endpoint=http://$url s3 $command #Execute a command on the bucket
sudo aws --endpoint=http://$url s3 ls #List buckets
sudo aws --endpoint=http://$url s3 ls s3://$listedurl #Lists elements in the bucket
sudo aws --endpoint=http://$url s3 cp $file s3://$listedurl #Upload a file to a bucket

sqlmap

  • Detect and take advantage of SQL injection vulnerabilities

Commands

  • Installation

sudo apt install sqlmap

  • Usage

sqlmap -u $URL #Show the sqli vulnerabilities
sqlmap -u "$URL" --dbms $dbname #Specify what database is
sqlmap -r $file.raw #Use a raw petition to set target information
sqlmap -r $file.raw --dump --dbs #Extract information of the databases
sqlmap -r $file.raw --dump --tables #Extract information of the tables
sqlmap -r $file.raw --dump -T $table #Extract information of an specific table
sqlmap -r $file.raw --level $level #Specify intensity level of the attack

Mongocli

  • Utility for connecting to MongoDB databases via the command line

Commands

  • Installation

sudo apt install mongocli

  • Usage

mongo --port $port

Mongosh

Commands

  • Installation

curl -O https://downloads.mongodb.com/compass/mongosh-2.3.2-linux-x64.tgz
tar xvf mongosh-2.3.2-linux-x64.tgz
mv ./bin/mongosh /usr/local/bin

  • Usage

mongosh mongodb://$IP:$PORT

PostgreSQL

Commands

  • Installation

sudo apt install postgresql

  • Usage

psql -h $IP #Connect to the PostgreSQL service
psql -h $IP -p $port #Connect specifying a port
psql -h $IP -U $username #Connect specifying a user
PreviousRelated ConceptsNextUseful Tips

Last updated 2 months ago

Was this helpful?

Adapted utility for connecting to databases via the command line, similar to but with some extra options

Command line utility used to connect or interact with databases

🗄️
PostgreSQL
MongoDB
Mongocli