Metasploit Auxiliary module for Oracle FTP Script Write/Binary Download/Execute via Oracle Packages.
As DBA (yea for SQLi), we use UTL_FILE to write out our FTP download script. Using DBMS_SCHEDULER, we create a job to run the script to download our binary and create a 2nd job to execute our binary and get our meterpreter shell. Oracle...Unbreakable.
I got the "how to do it" from Red-Database-Security.
Check MC's video (requires Java) on getting those DBA privs on an 11g box.
w00t-shell.net/demos/CVE-2008-3996.html
No code yet unless you email me and say you'll actually test it. Right now it's in the "works for me" status, but if you want to try it out on some other Oracle versions, give me a shout. It won't work on 9 but should work on 10 & 11.
Metasploit Auxiliary module for Oracle FTP Script Write/Binary Download/Execute via Oracle Packages from carnal0wnage on Vimeo.
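A defender's audit for the chain described in this post (a file written with UTL_FILE, then DBMS_SCHEDULER jobs that run it), added here as an example and not part of the author's module. It assumes an account that can read the DBA_* dictionary views and v$parameter; the 7-day window is an arbitrary choice.

```sql
-- Added audit example (not from the original post). Read-only queries.

-- 1. Scheduler jobs that launch an OS program instead of PL/SQL.
SELECT owner, job_name, job_creator, job_action, enabled, state, last_start_date
  FROM dba_scheduler_jobs
 WHERE job_type = 'EXECUTABLE'
 ORDER BY last_start_date DESC NULLS LAST;

-- 2. Recent job runs whose job is EXECUTABLE or no longer exists
--    (a one-shot job created with auto_drop disappears after it runs,
--    but its run log entry remains).
SELECT d.log_date, d.owner, d.job_name, d.status, j.job_type
  FROM dba_scheduler_job_run_details d
  LEFT JOIN dba_scheduler_jobs j
    ON j.owner = d.owner AND j.job_name = d.job_name
 WHERE d.log_date > SYSTIMESTAMP - INTERVAL '7' DAY
   AND (j.job_type = 'EXECUTABLE' OR j.job_name IS NULL)
 ORDER BY d.log_date DESC;

-- 3. Who can create scheduler jobs, and who can make them run OS programs.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege IN ('CREATE JOB', 'CREATE ANY JOB', 'CREATE EXTERNAL JOB')
 ORDER BY grantee, privilege;

-- 4. Who can call UTL_FILE, and who holds WRITE on a directory object.
SELECT grantee, table_name, privilege
  FROM dba_tab_privs
 WHERE (table_name = 'UTL_FILE' AND privilege = 'EXECUTE')
    OR (privilege = 'WRITE'
        AND table_name IN (SELECT directory_name FROM dba_directories))
 ORDER BY table_name, grantee;

-- 5. Where those directory objects point on the filesystem.
SELECT directory_name, directory_path
  FROM dba_directories
 ORDER BY directory_name;

-- 6. Legacy path whitelist for UTL_FILE; a value of '*' allows any path.
SELECT name, value
  FROM v$parameter
 WHERE name = 'utl_file_dir';
```

Rows from queries 1 and 2 that do not map to a known maintenance job are the ones to investigate; queries 3 to 6 show which accounts hold the prerequisites for the write-then-execute chain.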
carnal0wnage and Attack Research join forces!
I'm happy to announce that carnal0wnage and Attack Research have joined blog forces!
The new home for the blog will be:
http://carnal0wnage.attackresearch.com/
Please point your RSS readers to the new location and enjoy.
With the new blog comes the ability for a few more people to post. If you want to contribute, please email c0arblog@attackresearch.com
-CG
Sunday, February 8, 2009
Oracle FTP Script Write/Binary Download/Execute via Oracle Packages Video
Posted by CG at 8:36 PM
Labels: carnal0wnage, Metasploit, oracle