yaping123.wordpress.com
Startup Files | Yaping's Weblog
https://yaping123.wordpress.com/2008/09/02/startup-files
September 2, 2008. Yaping @ 2:30 am. There are some SQL command files which are executed when users log on to the database, such as glogin.sql/login.sql in SQL*Plus and toad.ini in TOAD. A cracker can modify these files and add statements to create a user, escalate privileges, change data, and so on. The following demo illustrates this. Create user cracker identified by cracker;. Grant dba to cracker;. CREATE OR REPLACE FORCE VIEW SYS.ALL_USERS ( NAME , USER# , CTIME ) AS. Then log on to the database as the sys user.
yaping123.wordpress.com
orapw11g | Yaping's Weblog
https://yaping123.wordpress.com/2008/10/23/orapw11g
October 23, 2008. Yaping @ 7:17 am. I wrote one C script to generate hash value for Oracle 11g sha1 algorithm. Alter user system identified by p1;. Select NAME,PASSWORD,SPARE4 from user$ where NAME='SYSTEM'. Oracle@chen src]$ cat orapw11g.c. Define SALT_LEN 10. Define HASH_LEN 20. Function: Generate password hash value for Oracle 11g. Revised: Yaping Chen, 2008/10. Comment: Compiled with gcc 3.2.3 on RHEL 4. Main(int argc,char *argv[]). SALT_LEN * 2) {.
yaping123.wordpress.com
Add Linux service manually | Yaping's Weblog
https://yaping123.wordpress.com/2009/04/13/add-linux-service-manually
April 13, 2009. Add Linux service manually. Yaping @ 3:01 pm. Here I demo how to add commands to system service on Linux. Assume I have one shell script named collectd, like the following:. Startup script for the collectd Server. Chkconfig: - 50 50. Description: collectd gathers statistics about the system it is running on and stores this information. Case "$1" in. Starts the collectd daemon. Echo "Starting collectd". CMD_FILE -C $CONFIG_FILE. Kill -9 `cat $PID_FILE`. Silently...
yaping123.wordpress.com
Vulnerable Packages | Yaping's Weblog
https://yaping123.wordpress.com/2008/09/02/vulnerable-packages
September 2, 2008. Yaping @ 2:34 am. I’ll list several vulnerable packages which are used frequently. The utl_file package can be used to read/write OS files from within the database, and PUBLIC has execute privilege on it by default. If users have only the create session privilege plus read/write privilege on directories, or utl_file_dir is set, then these users can read/write any files under these directories for which oracle has the corresponding privilege. A cracker can read sensitive data or destroy the whole database through it. 8 return ;.
yaping123.wordpress.com
Yaping's Weblog | Just another WordPress.com weblog | Page 2
https://yaping123.wordpress.com/page/2
September 2, 2008. Yaping @ 2:29 am. Or replace procedure get_owner(p_obj varchar2) is. 2 type t_cur is ref cursor;. 3 v_cur t_cur;. 4 v_owner varchar2(30);. 6 dbms_output.enable(1000000);. 7 open v_cur for 'select owner from all_objects where object_name = ' p_obj ;. 9 fetch v_cur into v_owner;. 10 dbms_output.put_line(v_owner);. 11 exit when v_cur%notfound;. 12 end loop;. 14 close v_cur;. Execute on get_owner to public;. Username from sys.dba_users;. Select username from sys.dba_users. We tie the...
yaping123.wordpress.com
MATERIALIZED VIEW | Yaping's Weblog
https://yaping123.wordpress.com/2008/09/19/materialized-view
September 19, 2008. Yaping @ 6:50 am. Materialized view basic information. Table test.t1(id number,a char(1),b varchar2(1) ;. MATERIALIZED VIEW log on test.t1;. Create MATERIALIZED VIEW log on test.t1. ERROR at line 1:. ORA-12014: table 'T1' does not contain a primary key constraint. Table test.t1 add constraint t1_pk primary key(id);. MATERIALIZED VIEW log on test.t1;. Materialized view log created. Into test.t1 values(1,'A','B');. From test.t1;. ID,DMLTYPE$ ,OLD_NEW$ from MLOG$_T1;. M_ROW...
yaping123.wordpress.com
select count(id) from t where id is null | Yaping's Weblog
https://yaping123.wordpress.com/2008/11/15/select-countid-from-t-where-id-is-null
November 15, 2008. Select count(id) from t where id is null. Yaping @ 2:04 am. Select count(id) from t where id is null;. How does Oracle handle a query statement like this? Count(id) means counting the rows in which id is not null. First I think Oracle will parse this statement, then return the result 0 immediately, not access table or index. Is it so? I did the test on Oracle 9208 and 10203. Table t (id number,a char(100) ;. Into t select rownum,'A' from dual connect by level 50000;. 0 db block gets.
yaping123.wordpress.com
Change Password with BBED | Yaping's Weblog
https://yaping123.wordpress.com/2008/09/02/change-password-with-bbed
September 2, 2008. Change Password with BBED. Yaping @ 2:33 am. Firstly, we prepare one user and password we want to logon, assuming we use system/system to logon database. Then we obtain this password hash value, it can be gotten from test environment. Alter user system identified by system;. Select USERNAME,PASSWORD from dba_users where USERNAME='SYSTEM';. Or obtain this value by oracle hash create tools. Then we need get the actual password hash value and the table’s location in data file. 4e535...
yaping123.wordpress.com
Oracle password algorithm | Yaping's Weblog
https://yaping123.wordpress.com/2009/01/09/oracle-password-algorithm
January 9, 2009. Yaping @ 5:11 am. Recently I read several Oracle security articles; they’re related to the Oracle password algorithm. The article details how Oracle uses the DES algorithm in CBC mode to generate the password hash value, and how Oracle processes TNS native authentication. You can find them with the following links. The next level of Oracle attacks. http://freeworld.thc.org/papers/thc-orakelsniffert.pdf. TNS native authentication ( http://www.oxid.it/topics.html.
yaping123.wordpress.com
April | 2009 | Yaping's Weblog
https://yaping123.wordpress.com/2009/04
April 13, 2009. Add Linux service manually. Yaping @ 3:01 pm. Here I demo how to add commands to system service on Linux. Assume I have one shell script named collectd, like the following:. Startup script for the collectd Server. Chkconfig: - 50 50. Description: collectd gathers statistics about the system it is running on and stores this information. Case "$1" in. Starts the collectd daemon. Echo "Starting collectd". CMD_FILE -C $CONFIG_FILE. Kill -9 `cat $PID_FILE`. ...