
Thread: Oracle Security Presentation Help?

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Question Oracle Security Presentation Help?

    Hello again everyone. This is week 4 starting out with BackTrack 2 and I've learned so much. I've been talking with a teacher at my college (Modesto Junior College) in CA. I'm in his Oracle Administration on Thursday nights. This professor introduced me to BT. We have been in close contact over the last few weeks discussing issues and problems and questions relating to BT. We've been having a lot of fun with it, until now....

    He came up to me 2 days ago and said ">Dar> I want you to see if you can hack Oracle 10g out-of-the-box using BackTrack in front of the class this Thursday because we are starting Security". I said "sure"....

    Well my sure was pretty sure...until I got stuck. I have googled my eyes out at the moment and am 99% stumped.

    Here's my presentation based off of some internet information and things that I've read.

    1. Obtain IP address of the box running Oracle 10g.
    2. Connect on to that network.
    3. Use Nmap to find Oracle's service and the listener(s) port.
    4. Use Sidguess to find the SID of the database
    5. Load SQLPlus from the BackTrack CD.
    6. Log into the database.

    That's where I get stuck. I need to log into the database. I know the SID and the port and IP address, which is everything you need to connect to the database, but I don't know of any user name and password information. I loaded 10g in the lab and looked at the users and there's only like 2 that the password is default that has not expired. I'll need to brute force or dictionary the passwords. The "Sys" or "System" accounts would work best I think.

    The goal is to gain DBA privileges in the database from scratch.

    I looked into Hydra but BackTrack's Hydra does not support Oracle stuff (I think) and I can't find anything really on Oracle on the updated Hydra.

    I think getting access to ANY Oracle account will work, 'cause then I might be able to brute SQL force it to get me DBA privileges.

    I think I might get extra credit for the presentation tomorrow. But I need some help getting this. I have about 23 hours till I need to give it.

    I did tell the professor that I might not be able to do it. He said "ok...try to get it by the end of the semester".

    Help!

  2. #2
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Ok, so now you want someone to help you on the mere assumption, that what you're actually claiming, is indeed true. Sounds like a load of ox balls to be honest.
    hehe...

  3. #3
    Member s1lang's Avatar
    Join Date
    Sep 2007
    Posts
    189

    Default

    Well what's the point in anybody asking for any help on these forums??

    Due to the nature of what we are teaching ourselves anything could be used for malicious purposes.
    He's obviously put some effort into researching this unlike a few people who expect to be "spoonfed"

    Sorry >Dart> I can't help, however I will be interested to know what advice will be given as this interests me

  4. #4
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Quote Originally Posted by s1lang View Post
    Well what's the point in anybody asking for any help on these forums??

    Due to the nature of what we are teaching ourselves anything could be used for malicious purposes.
    He's obviously put some effort into researching this unlike a few people who expect to be "spoonfed"

    Sorry >Dart> I can't help, however I will be interested to know what advice will be given as this interests me
    You know s1lang, you're right. I think I just posted the inevitable. I didn't mean any harm. Hell, if I knew more about the subject, I'd probably try to help.

  5. #5
    Member s1lang's Avatar
    Join Date
    Sep 2007
    Posts
    189

    Default

    Quote Originally Posted by .lonewolf View Post
    You know s1lang, you're right. I think I just posted the inevitable. I didn't mean any harm. Hell, if I knew more about the subject, I'd probably try to help.


    I'm just hoping one of our resident gurus will point him in the right direction, as learning about "Oracle" security in the business environment can be very beneficial to us "pentesters" in trying to broaden our knowledge

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Brute forcing whatever the 'root' password is, is probably going to be your best bet. I don't know much about Oracle, but the nice thing about any database is you can hit it pretty hard and fast with a bruteforce attack because, being a database server, it's designed for lots of access quickly.

    You could probably write a simple script to run through a dictionary file that would try all kinds of combinations and exit when you have the successful one.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #7
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Quote Originally Posted by s1lang View Post


    I'm just hoping one of our resident gurus will point him in the right direction, as learning about "Oracle" security in the business environment can be very beneficial to us "pentesters" in trying to broaden our knowledge
    Yeah, me too. I'm sure someone will.

    This was particularly interesting, sounds like Utopia

    He came up to me 2 days ago and said ">Dar> I want you to see if you can hack Oracle 10g out-of-the-box using BackTrack in front of the class this Thursday because we are starting Security". I said "sure"....
    Edit: I missed that, streaker69 is already helping.

  8. #8
    Junior Member 0tt0v0nc4t's Avatar
    Join Date
    Mar 2008
    Posts
    69

    Default

    Interesting project for security portion of an Oracle Administration. So your teacher was just like >DAR> you got a week to obtain the pentesting skills of someone who has been at it a year or more? Better yet, did he tell you this kind of question would really get answered here? LOL. If your teacher really led you to this, perhaps he should study BT a bit more. I've been here 2 weeks and I even know better than to ask "how do i haxxorz a database".

    If finishing that project is the difference between an A or not, then you should explain to your teacher that BT takes a bit longer than a semester to master and maybe an easier presentation would be better. I am doing Network Security this semester and we use mostly Cain and Abel because it's easier to understand, but while we use BT in class we keep it to simple WEP/WPA cracking and password retrieval. I understand you're exploring Oracle security but I still think your project is a bit advanced for where you should be at this level.

  9. #9
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Default

    Yes, I do think this is over my head a little. I think he's expecting a little more than I can handle. But he said if I don't get it I could have more time, which I think I'll need. I had nightmares about it last night (I just woke up). I catch on to things pretty fast and I hecka research before I even think about asking him or the board.

    The "Root" in Oracle would be the DBA accounts. I could try SQL injection, but I don't know if that would get me where I need to be. I've gotten pretty far (I gave him a report on it yesterday). I think this is my final project.

    So far everything I found must be run from the SQL prompt, but you have to have a user account on the server to get access to the SQL prompt. I need an external method of doing it. I was googling more last night but no real luck...still...

    But thanks guys for trying.

    Also about the forums, I'm not trying to make "assumptions" on people helping me, and I don't know if I'll get an answer for sure here, but I sure can try.

  10. #10
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    See where you can get using scott/tiger.
    Check secunia etc for vulnerabilities against the specific version you're testing.
    Try anonymous connections to the listener/DB.
    Check for un-needed Oracle services...the http server etc.

    Have your prof define "hack", obviously Oracle isn't 100% secure in its default config.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
