Archive

Posts Tagged ‘Firebird’

Pentesting Firebird Databases

January 9, 2015 Leave a comment

There seems to be limited information on pentesting Firebird databases on the Internet.
Firebird database server listens on TCP port 3050.

One good resource I found is http://blog.opensecurityresearch.com/2012/07/fun-with-firebird-database-default.html.

It seems like most people do not change the default SYSDBA credentials for their Firebird database. Below are the default credentials. 
Username:
SYSDBA
Password: masterkey

I have encountered before that the access card database system was using Firebird database for its backend.
This python script requires pyfirebirdsql library from https://github.com/nakagami/pyfirebirdsql.

Firebird requires you to supply the database name on the server you are trying to.
One way to get around it is to check for active connections on the Firebird database server.

What this tools does is to
1. Connect to the Firebird database server using the default credentials
2. List the connected databases
3. Dump the records from the Firebird database server

You can also use the -wordlist argument to supply it a wordlist of database names so that it can attempt to brute-force. That is useful if there aren’t any active connections (or databases not mounted) on the Firebird database that you are trying to access.

Below is a screenshot of the tool in action.
firebirdBrute.py

The common-tables.txt file from sqlmap is useful if you need a wordlist.
https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/txt/common-tables.txt

The tool can be downloaded from the below Github repo.
https://github.com/milo2012/firebirdDump

Advertisements