There seems to be limited information on pentesting Firebird databases on the Internet.
Firebird database server listens on TCP port 3050.
One good resource I found is http://blog.opensecurityresearch.com/2012/07/fun-with-firebird-database-default.html.
It seems like most people do not change the default SYSDBA credentials for their Firebird database. Below are the default credentials.
I have encountered before that the access card database system was using Firebird database for its backend.
This python script requires pyfirebirdsql library from https://github.com/nakagami/pyfirebirdsql.
Firebird requires you to supply the database name on the server you are trying to.
One way to get around it is to check for active connections on the Firebird database server.
What this tools does is to
1. Connect to the Firebird database server using the default credentials
2. List the connected databases
3. Dump the records from the Firebird database server
You can also use the -wordlist argument to supply it a wordlist of database names so that it can attempt to brute-force. That is useful if there aren’t any active connections (or databases not mounted) on the Firebird database that you are trying to access.
The common-tables.txt file from sqlmap is useful if you need a wordlist.
The tool can be downloaded from the below Github repo.