Oracle Security Cheat Sheet
XMLDB installed and active ( : dispatchers='(PROTOCOL=TCP) (SERVICE=<ORACLE_SID>XDB)')Port 2100(FTP), Port 8080 (HTTP) Buffer Overflow via long FTP or HTTP Password(published, Metasploit-exploit) Buffer Overflow via long FTP username(unpublished, no published exploit avaiable)ONS installed(onsctl startPort 6200, <= ) R19i R210g R110g R2TNS-Listener without Password / ADMIN_RESTRICTIONAmap against port 6200 crashes the ONS serviceR*services installed( create file .rhosts unix/mac: : )No R*services installed( create file unix/mac: : )Hacking Oracle -Version - 29-Jan-200811g R1Modify / $ account(create a user with the name of OPS$ and login without pw)Simple file sharing(connect to a DB running on Windows XP with Simple File Sharing)Insert code like grant dba to user Oracle rdspw /addSqlplus /@ip/sid as sysdbaOCI-Connection(TNS Listener available (default 1521))SID unknownXMLDBOracle 7-9i R2(lsnrctl status ip) + Listener PasswordorOracle 10g R1/R2(use sidguess to bruteforc)
Oracle 7-9i R2 (lsnrctl status ip) 9.2.0.6/7 + Listener Password or Oracle 10g R1/R2 (use sidguess to bruteforce SID) Oracle account unknown Brute-force accounts (e.g. with hydra against FTP (2100), dbsnmp, outln, sys, system) SID known Oracle account known HTTP (8080), dbsnmp, SQL Injection via xmldb & transform (use lowprivileged user to get ...
Download Oracle Security Cheat Sheet
Information
Domain:
Source:
Link to this page:
Please notify us if you found a problem with this document: