9001 - Pentesting HSQLDB
Last updated
Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
HSQLDB (HyperSQL DataBase) ni mfumo mkuu wa hifadhidata ya SQL inayohusiana iliyoandikwa kwa Java. Inatoa injini ndogo, ya haraka ya hifadhidata yenye nyuzi nyingi na ya muamala yenye meza za ndani na za diski na inasaidia hali za embedded na server.
Default port: 9001
Kumbuka kwamba kwa default huduma hii inawezekana inafanya kazi katika kumbukumbu au imefungwa kwa localhost. Ikiwa umeipata, huenda umefaidika na huduma nyingine na unatafuta kuongeza mamlaka.
Akida za default kwa kawaida ni sa
zikiwa na nenosiri tupu.
Ikiwa umefaidika na huduma nyingine, tafuta akida zinazowezekana kwa kutumia
Note the database name carefully - you’ll need it to connect.
Connect to the DB instance by downloading HSQLDB and extracting hsqldb/lib/hsqldb.jar
. Run the GUI app (eww) using java -jar hsqldb.jar
and connect to the instance using the discovered/weak credentials.
Note the connection URL will look something like this for a remote system: jdbc:hsqldb:hsql://ip/DBNAME
.
We can call static methods of a Java class from HSQLDB using Java Language Routines. Do note that the called class needs to be in the application’s classpath.
JRTs can be functions
or procedures
. Functions can be called via SQL statements if the Java method returns one or more SQL-compatible primitive variables. They are invoked using the VALUES
statement.
If the Java method we want to call returns void, we need to use a procedure invoked with the CALL
statement.
Create function:
Tekeleza kazi:
You can find a list of system properties here.
You can use the com.sun.org.apache.xml.internal.security.utils.JavaUtils.writeBytesToFilename
Java gadget located in the JDK (auto loaded into the class path of the application) to write hex-encoded items to disk via a custom procedure. Kumbuka ukubwa wa juu wa 1024 bytes.
Create procedure:
Tekeleza utaratibu:
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)