Dave, I'll respond to you offlist. Cheers, David
Still no joy.
Again, thanks for your help.
________________________________
From: dbsec-bounce@xxxxxxxxxxxxx on behalf of David Litchfield Sent: Sat 8/12/2006 3:20 AM To: dbsec@xxxxxxxxxxxxx Subject: [dbsec] Re: Oracle Security
Hi Dave,
Many of the exploits we were shown relied on creating procedures or triggers
At the course I spoke about DBMS_EXPORT_EXTENSION being the holy grail of Oracle SQL injection... This little package can be used do anything you want as a DBA in all versions of Oracle from 10gR2 back to 8.1.7 (and probably earlier). HTH.
Cheers, David
----- Original Message ----- From: "Hull, Dave" <dphull@xxxxxx> To: <dbsec@xxxxxxxxxxxxx> Sent: Saturday, August 12, 2006 5:13 AM Subject: [dbsec] Oracle Security
I was a student in David Litchfield's Breakable course at Black Hat Training this year. It was a great class and we learned numerous techniques for elevating our privileges from a relatively non-privileged user to DBA.
I'm back at work now trying to determine our vulnerability level and so far I've been stumped at every turn. I went to our DBAs and asked them to give me an account on a test system. They asked me what rights I wanted and I told them nothing special.
What I have is: SQL> select * from session_privs; PRIVILEGE ---------------------------------------- CREATE SESSION ALTER SESSION CREATE TABLE CREATE CLUSTER CREATE SYNONYM CREATE VIEW CREATE SEQUENCE CREATE DATABASE LINK 8 rows selected. SQL>
Many of the exploits we were shown relied on creating procedures or triggers. Naturally, I don't have sufficient rights to go down that path. I've spent the better half of the day today reading all he docs I can find to look for other methods. I've tried most of the default username/password lists that I can find and that too is a dead end.
I suspect there's something I'm missing and was wondering if anyone on the list could point me in a new direction.
Thanks in advance.