Rubyfu
Rubyfu
Twitter
Github
Module 0x0 | Introduction
Contribution
Beginners
Required Gems
Module 0x1 | Basic Ruby Kung Fu
Module 0x2 | System Kung Fu
Module 0x3 | Network Kung Fu
Module 0x4 | Web Kung Fu
SQL Injection Scanner
Databases
Extending Burp Suite
Browser Manipulation
Web Services and APIs
Ruby 2 JavaScript
Web Server and Proxy
LDAP injection
Module 0x5 | Exploitation Kung Fu
Module 0x6 | Forensic Kung Fu
References
FAQs
Contributors
Powered by GitBook

Databases

Dealing with database is a required knowledge in web testing and here we will go though most known databases and how to deal with it in ruby.

SQLite

  • Install sqlite3 gem

    gem install sqlite3

    You've have to have sqlite3 development libraries installed on your system

    apt-get install libsqlite3-dev

  • Basic operations

require "sqlite3"
# Open/Create a database
db = SQLite3::Database.new "rubyfu.db"
# Create a table
rows = db.execute <<-SQL
  CREATE TABLE attackers (
   id   INTEGER PRIMARY KEY   AUTOINCREMENT,
   name TEXT    NOT NULL,
   ip   CHAR(50)
);
SQL
# Execute a few inserts
{
  'Anonymous'    => "192.168.0.7",
  'LulzSec'      => "192.168.0.14",
  'Lizard Squad' => "192.168.0.253"
}.each do |attacker, ip|
  db.execute("INSERT INTO attackers (name, ip)
              VALUES (?, ?)", [attacker, ip])
end
# Find a few rows
db.execute "SELECT id,name,ip FROM attackers"
# List all tables
db.execute  "SELECT * FROM sqlite_master where type='table'"

Active Record

  • Install ActiveRecord gem

    gem install activerecord

MySQL database

  • Install MySQL adapter gem

    gem install mysql

Login to mysql console and create database rubyfu_db and table attackers

create database rubyfu_db;
grant all on rubyfu_db.* to 'root'@'localhost';
create table attackers (
  id int not null auto_increment,
  name varchar(100) not null,
  ip text not null,
  primary key (id)
);
exit

The outputs look like following

mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 41
Server version: 5.5.44-0ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database rubyfu_db;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on rubyfu_db.* to 'root'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> use rubyfu_db;
Database changed
mysql> create table attackers (
    ->   id int not null auto_increment,
    ->   name varchar(100) not null,
    ->   ip text not null,
    ->   primary key (id)
    -> );
Query OK, 0 rows affected (0.01 sec)
mysql> exit

Now, let's to connect to rubyfu_db database

require 'active_record'
ActiveRecord::Base.establish_connection(
:adapter  => "mysql",
:username => "root",
:password => "root",
:host     => "localhost",
:database => "rubyfu_db"
)
class Attackers < ActiveRecord::Base
end

  • Using the ActiveRecord library, available as the activerecord gem.

  • Using the ActiveRecord adapter namely mysql

  • Establishing a connection to the database rubyfu_db

  • Creating a class called Attackers following the conventions mentioned above (attacker)

Attackers.create(:name => 'Anonymous',    :ip => "192.168.0.7")
Attackers.create(:name => 'LulzSec',      :ip => "192.168.0.14")
Attackers.create(:name => 'Lizard Squad', :ip => "192.168.0.253")

You will observe that ActiveRecord examines the database tables themselves to find out which columns are available. This is how we were able to use accessor methods for participant.name without explicitly defining them: we defined them in the database, and ActiveRecord picked them up.

You can find the item

  • by id

    Attackers.find(1)

  • by name

    Attackers.find_by(name: "Anonymous")

    Result

    #<Attackers:0x000000010a6ad0 id: 1, name: "Anonymous", ip: "192.168.0.7">

or you can work it as object

attacker = Attackers.find(3)
attacker.id
attacker.name
attacker.ip

If you want to delete an item from the database, you can use the destroy (Deletes the record in the database) method of ActiveRecord::Base:

Attackers.find(2).destroy

So to write a complete script,

#!/usr/bin/env ruby
# KING SABRI | @KINGSABRI
# ActiveRecord with MySQL
#
require 'active_record'
# Connect to database
ActiveRecord::Base.establish_connection(
                                        :adapter  => "mysql",
                                        :username => "root",
                                        :password => "root",
                                        :host     => "localhost",
                                        :database => "rubyfu_db"
                                       )
# Create Active Record Model for the table
class Attackers < ActiveRecord::Base
end
# Create New Entries to the table
Attackers.create(:name => 'Anonymous',    :ip => "192.168.0.7")
Attackers.create(:name => 'LulzSec',      :ip => "192.168.0.14")
Attackers.create(:name => 'Lizard Squad', :ip => "192.168.0.253")
# Interact with table items
attacker = Attackers.find(3)
attacker.id
attacker.name
attacker.ip
# Delete a table Item
Attackers.find(2).destroy

Oracle database

  • Prerequisites

in order to make ruby-oci8 -which is the main dependency for oracle driver- works you've to do some extra steps:

  • Download links for Linux | Windows | Mac

    • instantclient-basic-[OS].[Arch]-[VERSION].zip

    • instantclient-sqlplus-[OS].[Arch]-[VERSION].zip

    • instantclient-sdk-[OS].[Arch]-[VERSION].zip

  • Unzip downloaded files

unzip -qq instantclient-basic-linux.x64-12.1.0.2.0.zip
unzip -qq instantclient-sdk-linux.x64-12.1.0.2.0.zip
unzip -qq instantclient-sqlplus-linux.x64-12.1.0.2.0.zip

  • Create system directories

    as root / sudo

mkdir -p /usr/local/oracle/{network,product/instantclient_64/12.1.0.2.0/{bin,lib,jdbc/lib,rdbms/jlib,sqlplus/admin/}}

The file structure should be

/usr/local/oracle/
├── admin
│   └── network
└── product
    └── instantclient_64
        └── 12.1.0.2.0
            ├── bin
            ├── jdbc
            │   └── lib
            ├── lib
            ├── rdbms
            │   └── jlib
            └── sqlplus
                └── admin

  • Move files

cd instantclient_12_1
mv ojdbc* /usr/local/oracle/product/instantclient_64/12.1.0.2.0/jdbc/lib/
mv x*.jar /usr/local/oracle/product/instantclient_64/12.1.0.2.0/rdbms/jlib/
# rename glogin.sql to login.sql
mv glogin.sql /usr/local/oracle/product/instantclient_64/12.1.0.2.0/sqlplus/admin/login.sql
mv sdk /usr/local/oracle/product/instantclient_64/12.1.0.2.0/lib/
mv *README /usr/local/oracle/product/instantclient_64/12.1.0.2.0/
mv * /usr/local/oracle/product/instantclient_64/12.1.0.2.0/bin/
# Symlink of instantclient
cd /usr/local/oracle/product/instantclient_64/12.1.0.2.0/bin
ln -s libclntsh.so.12.1 libclntsh.so
ln -s ../lib/sdk sdk
cd -

  • Setup environment

Append oracle environment variables in to ~/.bashrc Then add the following:

# Oracle Environment
export ORACLE_BASE=/usr/local/oracle
export ORACLE_HOME=$ORACLE_BASE/product/instantclient_64/12.1.0.2.0
export PATH=$ORACLE_HOME/bin:$PATH
LD_LIBRARY_PATH=$ORACLE_HOME/bin
export LD_LIBRARY_PATH
export TNS_ADMIN=$ORACLE_BASE/admin/network
export SQLPATH=$ORACLE_HOME/sqlplus/admin

Then run:

source ~/.bashrc

  • Install Oracle adapter gem

    gem install ruby-oci8 activerecord-oracle_enhanced-adapter

Now let's to connect

require 'active_record'
ActiveRecord::Base.establish_connection(
                      :adapter  => "oracle_enhanced",
                      :database => "192.168.0.13:1521/XE",
                      :username => "SYSDBA",
                      :password => "welcome1"
                       )
class DBAUsers < ActiveRecord::Base
end

MSSQL database

  • Install MSSQL adapter gem

gem install tiny_tds activerecord-sqlserver-adapter
Previous
SQL Injection Scanner
Next
Extending Burp Suite
Last updated 2 years ago
Edit on GitHub
Contents
SQLite
Active Record
MySQL database
Oracle database
MSSQL database