-
See https://www.infosecmatter.com/firebird-database-exploitation/
-
In Oracle SQL, a SID (Service Identifier) is basically a database. Enumeration Get general information tnscmd10g -h $target Try to get a SID: tnscmd10g status-p 1521 -h $target Another tool: Oracle Scanner oscanner -s $target -P 1521 Metasploit module scanner/oracle/tnslsnr_version Brute force SID hydra -L /usr/share/metasploit-framework/data/wordlists/sid.txt -s 1521 $target oracle-sid nmap --script oracle-sid-brute -p 1521 $target Brute…
-
Connect from the command line mongo 'mongodb://mark:5AYRft73VtFpc84k@localhost:27017/myplace' Show databases show dbs Switch to database use <db> Show all collections (“tables”) show collections Show all entries from a collection db.<collection>.find() Add a document db.products.insert( { item: "card", qty: 15 } ) Injections Show all records of the current table, assuming there is a WHERE clause for one field.…