So, I've been on an Oracle stint lately. I have been looking into SQL injection, and Oracle seems like a very interesting implementation of the SQL language. Additionally, I hope my knowledge of Oracle applications will make me more useful in future jobs, as most large corporations use Oracle as their CMS of choice. In this post, I am going to write a little about gaining OS access using an unprivileged user in Oracle (just like my creative title!). I am relying heavily on white papers published by Digital Security and iDEFENSE.
The method of escalating privileges depends heavily on the OS Oracle is running on, which restricts it to Windows Server. The restriction exists because the attack relies on Windows' use of LM/NTLM hashes for user authentication. Using the Oracle text account (or any Oracle account with CONNECT and RESOURCE privileges), an attacker may read local and remote SMB shares, allowing NTLM hashes to be hijacked and used to gain higher access to the Oracle RDBMS.
Additionally, it was found that this method was nearly invisible to IDS.