[dbsec] Re: Oracle Security

  • From: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
  • To: <dbsec@xxxxxxxxxxxxx>
  • Date: Sat, 12 Aug 2006 09:20:41 +0100

Hi Dave,

> Many of the exploits we were shown relied on creating procedures or triggers

At the course I spoke about DBMS_EXPORT_EXTENSION being the holy grail of Oracle SQL injection... This little package can be used to do anything you want as a DBA in all versions of Oracle from 10gR2 back to 8.1.7 (and probably earlier). HTH.


Cheers,
David



----- Original Message -----
From: "Hull, Dave" <dphull@xxxxxx>
To: <dbsec@xxxxxxxxxxxxx>
Sent: Saturday, August 12, 2006 5:13 AM
Subject: [dbsec] Oracle Security



I was a student in David Litchfield's Breakable course at Black Hat Training this year. It was a great class and we learned numerous techniques for elevating our privileges from a relatively non-privileged user to DBA.


I'm back at work now trying to determine our vulnerability level and so far I've been stumped at every turn. I went to our DBAs and asked them to give me an account on a test system. They asked me what rights I wanted and I told them nothing special.

What I have is:
SQL> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
ALTER SESSION
CREATE TABLE
CREATE CLUSTER
CREATE SYNONYM
CREATE VIEW
CREATE SEQUENCE
CREATE DATABASE LINK
8 rows selected.
SQL>

Many of the exploits we were shown relied on creating procedures or triggers. Naturally, I don't have sufficient rights to go down that path. I've spent the better half of the day today reading all the docs I can find to look for other methods. I've tried most of the default username/password lists that I can find and that too is a dead end.

I suspect there's something I'm missing and was wondering if anyone on the list could point me in a new direction.

Thanks in advance.


