
Defcon talk: Breaking the “unbreakable” Oracle with Metasploit – Chris Gates and Mario Ceballos

Chris and Mario presented and demonstrated the new Metasploit modules that are designed to find and identify Oracle databases, find the SIDs, brute force passwords and escalate privileges.

An interesting comment is that they were actually able to evade Snort detection by base64 encoding the attack.

Currently there are 9 privilege escalation exploits included in Metasploit, but they are a basis for further development.

The demonstration contained the following steps:

  • TNSLIST -> Version enumeration of TNS Listener
  • SIDENUM -> Enumeration of the SIDs; this failed because it was an Oracle version 10 box
  • Brute force SID – Obtained the SID this way
  • Account brute force – To get an account
  • Escalate to DBA – Get DBA privileges
  • Add JAVASYS privilege
  • Upload exploit
  • Run it via WINEXEC
  • Get a Shell prompt.

All in all a good overview of what stuff is available to the Oracle pentester in the Metasploit Framework.
