Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Oracle Security Presentation Help?

Hybrid View

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Question Oracle Security Presentation Help?

    Hello again everyone. This is week 4 starting out with BackTrack 2 and Iv learned so much. Iv been talking with a teacher at my college (Modesto Junior Collage) in CA. I'm in his Oracle Administration on Thursday Nights. This professor introduced me to BT. We have been in close contact over the last few weeks discussing issue and problems and questions relating to BT. we've been having a lot of fun with it, untill now....

    He came up to me 2 days ago and said ">Dar> I want you to see if you can hack Oracle 10g out-of-the-box using BackTrack in front of the class this Thursday because we are starting Security". I said "sure"....

    Well my sure was pretty sure...until I got stuck. I have googled my eyes out at the moment and am 99% stumped.

    Heres my presentation based off of some internet information and things that iv read.

    1. Obtain IP address of the box running Oracle 10g.
    2. Connect on to that network.
    3. Use Nmap to find Oracles Service and the listener(s) port.
    4. Use Sidguess to find the SID of the database
    5. Load SQLPlus from the BackTrack CD.
    6. Log into the database.

    Thats where I get stuck. I need to log into the database. I know the SID and the Port and IP Address which is everything you need to connect to the database but I don't know of any user name and password information. I loaded 10g in the lab and looked at the users and theres only like 2 that the password is default that has not expired. Ill need to brute force or dictionary the passwords. The "Sys" or "System" accounts Would work best I think.

    The goal is to gain DBA privileges in the database from scratch.

    I looked into Hydra but BackTrack's Hydra does not support Oracle stuff (I think) and I cant find anything really on Oracle on the updated Hyrda.

    I think getting access to ANY oracle account with work, cause then I might be able to brute SQL force it to get me DBA privileges.

    I think I might get extra credit for the presentation tommrow. But I need some help getting this. I have about 23 hours till I need to give it.

    I did tell the professor that I might not be able to do it, He said "ok...try to get it by the end of the semester"

    Help!

  2. #2
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Ok, so now you want someone to help you on the mere assumption, that what you're actually claiming, is indeed true. Sounds like a load of ox balls to be honest.
    [FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
    [/FONT][/SIZE][/FONT]

  3. #3
    Member s1lang's Avatar
    Join Date
    Sep 2007
    Posts
    189

    Default

    Well what's the point in anybody asking for any help on these forums??

    Due to the nature of what we are teaching ourselves anything could be used for malicious purposes.
    He's obviously put some effort into researching this unlike a few people who expect to be "spoonfed"

    Sorry >Dart> I can't help, however I will be interested to know what advice will be given as this interests me

  4. #4
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Quote Originally Posted by s1lang View Post
    Well what's the point in anybody asking for any help on these forums??

    Due to the nature of what we are teaching ourselves anything could be used for malicious purposes.
    He's obviously put some effort into researching this unlike a few people who expect to be "spoonfed"

    Sorry >Dart> I can't help, however I will be interested to know what advice will be given as this interests me
    You know s1lang, you're right. I think I just posted the inevitable. I didn't mean any harm. Hell, if I knew more about the subject, I'd probably try to help.
    [FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
    [/FONT][/SIZE][/FONT]

  5. #5
    Member s1lang's Avatar
    Join Date
    Sep 2007
    Posts
    189

    Default

    Quote Originally Posted by .lonewolf View Post
    You know s1lang, you're right. I think I just posted the inevitable. I didn't mean any harm. Hell, if I knew more about the subject, I'd probably try to help.


    I'm just hoping one of our resident gurus will point him in the right direction, as learning about "Oracle" security in the business environment can be very beneficiary to us "pentesters" in trying to broaden our knowledge

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Brute forcing whatever the 'root' password is probably going to be your best bet. I don't know much about Oracle, but the nice thing about any database is you can hit it pretty hard and fast with a bruteforce attack because it being a database server it's designed for lots of access quickly.

    You could probably write a simple script to run through a dictionary file that would try all kinds of combinations and exit when you have the successful one.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #7
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Quote Originally Posted by s1lang View Post


    I'm just hoping one of our resident gurus will point him in the right direction, as learning about "Oracle" security in the business environment can be very beneficiary to us "pentesters" in trying to broaden our knowledge
    Yeah, me to. I'm sure someone will

    This was particularly interesting, sounds like Utopia

    He came up to me 2 days ago and said ">Dar> I want you to see if you can hack Oracle 10g out-of-the-box using BackTrack in front of the class this Thursday because we are starting Security". I said "sure"....
    Edit: I missed that, streaker69 is already helping.
    [FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
    [/FONT][/SIZE][/FONT]

  8. #8
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Default

    I already tryed that. The Scott/Tiger account has been locked and expired on Oracle 10g.

    And secunia says Oracle 10g is great! (Security wise)

    By "hack" he means "Obtain DBA Access from a remote computer on the network"....

    Also I know Oracle isnt 100% right out-of-the-box so I know there must be a way around the username/password problem.

  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by >Dart> View Post
    I already tryed that. The Scott/Tiger account has been locked and expired on Oracle 10g.

    And secunia says Oracle 10g is great! (Security wise)

    By "hack" he means "Obtain DBA Access from a remote computer on the network"....

    Also I know Oracle isnt 100% right out-of-the-box so I know there must be a way around the username/password problem.
    Mr Google says when searching for "Oracle 10g exploits".

    http://www.red-database-security.com..._exploits.html
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  10. #10
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Default

    Its ok .lonewolf. I forgive you. Im new to the forums, trying to make friends and fit in and such.

    Iv been on that Red database site before, but somehow I missed that page. Ill check it out ASAP!

    EDIT:

    Ok I checked out all of that code on the Red Database website...I bet our verion of Oracle is old and is missing those patches...bad part is You NEED to already have a SQL account (I think) then you can bump it up to DBA....

    Now im back to square 1...trying to get into a Oracle Account from SQLPlus.....

    Its almost time for class but Ill just tell the Professor I haven't figured it out yet...maybe I might find something this week for next Thursday.

    EDIT 2:

    Ok everyone I finally think im on to something. I just finished class...we had a lot of fun with REVOKE and GRANT in Oracle... Then when I got done I started playing with BT on Cracking Oracle again. I dug open OAT on BT2 and found opwg.sh (wonder how I missed it). I made a .txt file under /tmp for my passfile and one for my userfile with my info I have on the class server for my user. I pulled the IP and from TNSNames, I entered in the server SID and WHAM! It started to process.

    Now as soon as it started it stoped and throw a big error in my face: "Could Not Load JBCD Driver....."

    Now I looked into it more and the set of OAT tools are JAVA based. I talked to my teacher about it and found out that BT does "not" come with java (we tried "java -v" and got "Could not create the JAVA VM".

    So I think I need Java running on BT before I run it.

    So does anyone have a .iso of BT with Java? Or give me a quick tut on how to install it who has done it before to save me some time? Ill research it more tommrow (if I have time).

    Thanks.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •