Explorando vulnerabilidade: Firebird Database Default Credentials

Firebird Database Tools

There are plenty of tools to interact with Firebird. Most commonly that can be grouped into either a client or a Database management tool. We’ll look at one of each.

FlameRobin (Client)

FlameRobinis a database administration tool for Firebird RDBMS. Their goal is to build a tool that is:

  • lightweight (small footprint, fast execution)
  • cross-platform (Linux, Windows, Mac OS X, FreeBSD, Solaris)
  • dependent only on other Open Source software”

–Source: http://www.flamerobin.org/

It is easily installed on BackTrack (or other distros that utilize apt):

 root@bt:~# apt-get install flamerobin

To run, launch X windows and type:

 root@bt:~# flamerobin

You may get the following error message, ignore it and continue:

 root@bt:~# The configuration file:
/root/.flamerobin/fr_databases.conf does not exist or cannot be opened.
This is normal for first time users.  You may now register new servers and databases.

nterrogating the Database

With access to the database, you can do any number of tasks. We'll look a couple to get you started. 

Retrieve Remote Server Version

Using FlameRobin, first “register” the remote server so you are able to communicate with it. First open the FlameRobin GUI, then goto Server -> Register Server -> and enter the following:
  • Display name: Friendly name to call the host, I use the IP
  • Hostname: Hostname or IP address
  • Port Number: will usually be 3050, however this instance is running on another port.

Registering the Server so we can communicate with it

 Next, right click on the server that you just registered, choose "Retrieve server version" and provide your credentials. The default firebird username and password is usually:

 Username: SYSDBA
 Password: masterkey

 You should be provided the version number as shown below:

Adding/Changing Users

Another useful task is to add or change user accounts. An interesting piece of information is that the Firebird database does not check any characters beyond 8 in a password. Thus the masterkey default password might as well be “masterke” as the ‘y’ at the end is never checked because it is beyond 8 characters. Additionally, usernames are not case sensitive, however passwords are CaSe SeNsItIvE.

With FlameRobin

Use the instructions above in the “Retrieve Remote Server Version” section in order to register the remote server if you have not done so already. Then right-click on the server that you just registered, select "Manage Users" and enter the SYSDBA credentials if they are not saved from the remote version enumeration above.

 To add a user, just click "Add User" and provide the required information! To modify other users (including changing their passwords) by clicking on the “details” icon which looks like a magnifying glass over a piece of paper.

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair /  Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair /  Alterar )

Conectando a %s