I already tryed that. The Scott/Tiger account has been locked and expired on Oracle 10g.
And secunia says Oracle 10g is great! (Security wise)
By "hack" he means "Obtain DBA Access from a remote computer on the network"....
Also I know Oracle isnt 100% right out-of-the-box so I know there must be a way around the username/password problem.
No I was saying that we would have to assume, that what you were saying was true.Originally Posted by >Dart>
Anyway I thought I cleared this up. I didn't mean it, seriously.
I was just demonstrating what kind of reaction you may get.
Fortunately I was wrong. I'm sorry if you take offence.
[FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
[/FONT][/SIZE][/FONT]
Mr Google says when searching for "Oracle 10g exploits".
http://www.red-database-security.com..._exploits.html
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Its ok .lonewolf. I forgive you.Im new to the forums, trying to make friends and fit in and such.
Iv been on that Red database site before, but somehow I missed that page. Ill check it out ASAP!
EDIT:
Ok I checked out all of that code on the Red Database website...I bet our verion of Oracle is old and is missing those patches...bad part is You NEED to already have a SQL account (I think) then you can bump it up to DBA....
Now im back to square 1...trying to get into a Oracle Account from SQLPlus.....
Its almost time for class but Ill just tell the Professor I haven't figured it out yet...maybe I might find something this week for next Thursday.
EDIT 2:
Ok everyone I finally think im on to something. I just finished class...we had a lot of fun with REVOKE and GRANT in Oracle... Then when I got done I started playing with BT on Cracking Oracle again. I dug open OAT on BT2 and found opwg.sh (wonder how I missed it). I made a .txt file under /tmp for my passfile and one for my userfile with my info I have on the class server for my user. I pulled the IP and from TNSNames, I entered in the server SID and WHAM! It started to process.
Now as soon as it started it stoped and throw a big error in my face: "Could Not Load JBCD Driver....."
Now I looked into it more and the set of OAT tools are JAVA based. I talked to my teacher about it and found out that BT does "not" come with java (we tried "java -v" and got "Could not create the JAVA VM".
So I think I need Java running on BT before I run it.
So does anyone have a .iso of BT with Java? Or give me a quick tut on how to install it who has done it before to save me some time? Ill research it more tommrow (if I have time).
Thanks.
Thanks >Dart> Everything's cool then.Its ok .lonewolf. I forgive you.
Iv been on that Red database site before, but somehow I missed that page. Ill check it out ASAP!
EDIT:
Ok I checked out all of that code on the Red Database website...I bet our verion of Oracle is old and is missing those patches...bad part is You NEED to already have a SQL account (I think) then you can bump it up to DBA....
Now im back to square 1...trying to get into a Oracle Account from SQLPlus.....
Its almost time for class but Ill just tell the Professor I haven't figured it out yet...maybe I might find something this week for next Thursday.
EDIT 2:
Ok everyone I finally think im on to something. I just finished class...we had a lot of fun with REVOKE and GRANT in Oracle... Then when I got done I started playing with BT on Cracking Oracle again. I dug open OAT on BT2 and found opwg.sh (wonder how I missed it). I made a .txt file under /tmp for my passfile and one for my userfile with my info I have on the class server for my user. I pulled the IP and from TNSNames, I entered in the server SID and WHAM! It started to process.
Now as soon as it started it stoped and throw a big error in my face: "Could Not Load JBCD Driver....."
Now I looked into it more and the set of OAT tools are JAVA based. I talked to my teacher about it and found out that BT does "not" come with java (we tried "java -v" and got "Could not create the JAVA VM".
So I think I need Java running on BT before I run it.
So does anyone have a .iso of BT with Java? Or give me a quick tut on how to install it who has done it before to save me some time? Ill research it more tommrow (if I have time).
Thanks.
I'm also relatively new here and I don't want to make too many enemies, if possible.
I'm glad to see you making some progress with your project.
The BT3 Beta USB extended version comes with Java installed as default. I'm not sure if the BT3 CD version does, as well, but I'm guessing that it does.
To check what Java version you have, if any. Use this command in a terminal:
I hope some one helps you more with your project.Code:java -version
Peace
[FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
[/FONT][/SIZE][/FONT]
Search the forum.. I believe there is an LZM for Java floating around that you could use, loading it from a USB stick or from the net when you are running the live disk.
dd if=/dev/swc666 of=/dev/wyze
Ok...iv spent some time poking around the forum, I could not find a LZM of Java. shamanvirtuel did say he had one but it was on his website which is done.
Im still looking.... Also I cant really find a good introduction of "modules" which I think LZMs are? Can anyone suggest a good thread or resource?
How's things >Dart>
To install Java. try this:
This is a good introduction to Modules:Code:bt ~ # slapt-get --update Retrieving package data [http://darkstar.ist.utl.pt/slackware...2.0/]...Cached Retrieving patch list [http://darkstar.ist.utl.pt/slackware/slackware-12.0/]... Done Retrieving checksum list [http://darkstar.ist.utl.pt/slackware...-12.0/]...Done Retrieving checksum signature [http://darkstar.ist.utl.pt/slackware...-12.0/]...Done Verifying checksum signature [http://darkstar.ist.utl.pt/slackware...re-12.0/]...No key for verification Retrieving ChangeLog.txt [http://darkstar.ist.utl.pt/slackware...-12.0/]...Done Reading Package Lists...Done bt ~ # slapt-get -i jre Reading Package Lists... Done jre is up to date. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Done bt ~ # java -version java version "1.6.0_02" Java(TM) SE Runtime Environment (build 1.6.0_02-b05) Java HotSpot(TM) Client VM (build 1.6.0_02-b05, mixed mode, sharing) bt ~ #
Module creation and installation - A video tutorial by balding_parrot
Hope this helps
[FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
[/FONT][/SIZE][/FONT]
For what .lonewolf has kindly provided above to work, you'll need to update your slapt-get config file to set where it looks on the internet for the downloads.
All the info is in this thread
http://forums.remote-exploit.org/sho...ighlight=slapt
read through it
Hey everyone, just a little update. Iv haven't been able to work on Oracle lately, Iv been busy with my Programming class and my Ag. Mechanics Class (Were working on plumbing). I haven't taken a shot at JAVA yet...but once I get all this homework done and get to my Oracle class ill let everyone know whats up!
Posting Permissions
