Ettercap (ng)

From their website, "Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis."

Ettercap is a very handy auditing tool when performing a pen-test for an organization. The best feature of Ettercap is its extensibility through the use of plug-ins. The most useful and thus most used plug-ins are included with Ettercap, with my favourites being dns_spoof, arp_spoof, and gw_discover. I selected gw_discover because its usefulness is applicable to the University of Montana. The gw_discover plug-in finds alternative gateways in situations where users are meant to VPN, much like the University of Montana and its UMAPS WiFi. The U displays UMAPS as an open wireless access point; however, once connected, students need Cisco's VPN software package to connect. Gw_discover could potentially find a new gateway, allowing students to use the WiFi without authenticating. I don't know how bad it would be if students didn't authenticate before using the U's WiFi, but I do know it would be cool if it worked.


Links:
http://ettercap.sourceforge.net/
http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate

Getting OS Access Using an Oracle Unprivileged User

So, I've been on an Oracle stint lately. I have been looking into SQL injection, and Oracle seems like a very interesting implementation of the SQL language. Additionally, I hope my knowledge of Oracle applications will make me more useful in future jobs, as most large corporations use Oracle as their CMS of choice. In this post, I am going to write a little about gaining OS access using an unprivileged user in Oracle (just like my creative title!). I am relying heavily on white papers published by Digital Security and iDEFENSE.

The method of escalating privileges depends heavily on the OS Oracle is running on, which restricts it to Windows Server. This restriction exists because the attack exploits Windows' use of LM/NTLM hashes for user authentication. Using the Oracle Text account (or any Oracle account with the CONNECT and RESOURCE privileges), an attacker can make the database read local and remote SMB shares, allowing the hijacking of NTLM hashes that can then be used to gain higher access to the Oracle RDBMS.

Additionally, this method was found to be nearly invisible to IDS.
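Because the technique works by getting the database server itself to connect to an SMB share, the observable for a defender is the Oracle host opening outbound SMB connections, which an egress log captures even when no IDS signature fires. As an added example (not code from this post or from the Digital Security or iDEFENSE papers), the Python below scans constructed firewall flow logs and flags SMB connections from hosts assumed to run Oracle to anything other than an approved file server; the log format, addresses and allowlists are all constructed for illustration.

```python
"""Flag outbound SMB from database servers in key=value flow logs (constructed example)."""
import re
from typing import Dict, List

# Constructed flow-log sample (not from the post): one key=value record per line.
# 10.10.5.20 and 10.10.5.21 are assumed to be Oracle hosts; 10.10.9.10 an approved file server.
SAMPLE_FLOWS = """\
ts=2024-01-01T10:00:00Z src=10.10.5.20 dst=10.10.7.30 dport=1521 proto=tcp
ts=2024-01-01T10:00:02Z src=10.10.5.20 dst=10.10.9.10 dport=445 proto=tcp
ts=2024-01-01T10:00:05Z src=10.10.5.20 dst=203.0.113.44 dport=445 proto=tcp
ts=2024-01-01T10:00:07Z src=10.10.5.21 dst=203.0.113.44 dport=139 proto=tcp
ts=2024-01-01T10:00:09Z src=10.10.3.8 dst=203.0.113.44 dport=445 proto=tcp
"""

DB_SERVERS = {"10.10.5.20", "10.10.5.21"}   # assumed Oracle hosts
APPROVED_FILE_SERVERS = {"10.10.9.10"}      # shares the DB host may legitimately reach
SMB_PORTS = {139, 445}                      # NetBIOS session service and direct SMB

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_flow(line: str) -> Dict[str, str]:
    """Turn 'k=v k=v ...' into a dict; unparseable lines yield an empty dict."""
    return dict(FIELD_RE.findall(line))


def find_suspicious_smb(log_text: str) -> List[Dict[str, str]]:
    """Return flows where a DB server talks SMB to a host outside the allowlist."""
    alerts = []
    for line in log_text.splitlines():
        f = parse_flow(line)
        if f.get("proto") != "tcp":
            continue
        try:
            dport = int(f["dport"])
        except (KeyError, ValueError):
            continue
        if (f.get("src") in DB_SERVERS and dport in SMB_PORTS
                and f.get("dst") not in APPROVED_FILE_SERVERS):
            alerts.append({"ts": f.get("ts", ""), "src": f["src"],
                           "dst": f.get("dst", ""), "dport": str(dport)})
    return alerts


if __name__ == "__main__":
    for a in find_suspicious_smb(SAMPLE_FLOWS):
        print(f"{a['ts']} DB host {a['src']} -> {a['dst']}:{a['dport']} (unexpected SMB egress)")
```

In the sample, the Oracle-to-Oracle-listener flow and the connection to the approved file server are ignored, while the two SMB connections to the unknown host 203.0.113.44 are reported.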