🗄️ Databases¶
Database management systems store and manage critical data. This section covers configuration files, credential locations, and security considerations for popular database systems.
Available Services¶
Relational Databases¶
- MySQL / MariaDB - Most popular open-source relational database
- Wide adoption
- LAMP stack component
-
Community and enterprise versions
-
PostgreSQL - Advanced open-source relational database
- ACID compliance
- Extensible architecture
- Strong data integrity
NoSQL Databases¶
- MongoDB - Document-oriented NoSQL database
- JSON-like documents
- Horizontal scaling
-
Flexible schema
-
Redis - In-memory data structure store
- Key-value store
- Caching and session management
- Pub/Sub messaging
Common Pentest Scenarios¶
Initial Access¶
- Default credentials
- Weak authentication
- Network exposure without authentication
Enumeration¶
- Database listing
- User enumeration
- Permission analysis
Data Extraction¶
- SQL injection
- NoSQL injection
- Backup file discovery
Quick Reference¶
| Database | Default Port | Config Location (Linux) | Default User |
|---|---|---|---|
| MySQL | 3306 | /etc/mysql/ |
root |
| PostgreSQL | 5432 | /etc/postgresql/ |
postgres |
| MongoDB | 27017 | /etc/mongod.conf |
admin |
| Redis | 6379 | /etc/redis/redis.conf |
- |
Security Best Practices¶
- Never use default credentials
- Disable remote root access
- Use encrypted connections (TLS/SSL)
- Regular security updates
- Proper access control configuration
- Audit logging enabled
Contributing¶
Know another database that should be documented? Contribute!