My new role as “product responsible”

For nearly 6 months now I do something different than just technical work. I am currently – what they call at Rabobank – “Product Verantwoordelijke”. In English it sounds a bit weird: “product responsible”, or “responsible for the product”. And the product in question is Enterprise Manager and other tools or applications we use for administration.

“Product responsible” is a job where I’m basically deciding and advising on the technical stuff. So that doesn’t sound too big a job, especially because it’s just for Enterprise Manager, right? Sitting with two feet on my desk all the time?

Well, not quite apparently. It would be the case if a small DBA team of 4 people would use it, but in this case our team of 60+ DBAs and Fusion Middleware specialists use it. Also, it’s not supposed to stay like that. We’re working towards a Enterprise Manager as a Service model where a lot more people will get access to their specific targets via Enterprise Manager. Continue reading

Advertisements
Posted in I'm not a manager | Tagged , , , , , , , , | Leave a comment

Exploiting an Oracle database with Metasploit (Part 2)

Continuing from Exploiting an Oracle database with Metasploit (Part 1). Here’s the next set of Metasploit exploits and scanners I’ve tried and tested.

auxiliary/scanner/oracle/tnspoison_checker

This one just checks if your database is vulnerable to TNS poisoning:

msf auxiliary(tnspoison_checker) > info

Name: Oracle TNS Listener Checker
Module: auxiliary/scanner/oracle/tnspoison_checker
License: Metasploit Framework License (BSD)
Rank: Normal
Disclosed: 2012-04-18

Provided by:
ir0njaw (Nikita Kelesis) <nikita.elkey@gmail.com>

Basic options:
Name     Current Setting  Required  Description
----     ---------------  --------  -----------
RHOSTS   192.168.56.163   yes       The target address range or CIDR identifier
RPORT    1521             yes       The target port
THREADS  1                yes       The number of concurrent threads

Description:
This module checks the server for vulnerabilities like TNS Poison.
Module sends a server a packet with command to register new TNS
Listener and checks for a response indicating an error. If the
registration is errored, the target is not vulnearble. Otherwise,
the target is vulnerable to malicious registrations.

Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , | Leave a comment

Exploiting an Oracle database with Metasploit (Part 1)

Now that I have a Metasploit and Oracle demo environment, it is time to see what I can use to exploit an Oracle 11g Release 2 database. I have to tell you, most of the exploits are actually rather old. I was a bit disappointing.

When you do “search oracle” in Metasploit, you get a promising, long list of scans and exploits. But as you’ll quickly note, a lot is Java related. Because that’s also Oracle. It helps to do a smarter search, for example by looking up oracle in the name: “search name:oracle”. But this also gives you MySQL exploits. And exploits of every old Oracle version. I’m not looking for that now either. And I’ve tried grepping, but that is not interpreted as grepping and gives you really weird results.

So in the end I’m just giving you my list of Oracle database scans and exploits that do not have old version numbers in the description. All non-database products are removed from the list. And for good measure, I’ve also removed exploits with very old disclosure dates, because I assumed they were targeted at versions much older than Oracle 11g. Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , , | 1 Comment

Five steps to have your own Metasploit and Oracle demo environment

Bingo! I’ve done it! I’ve got Metaspoit working against an Oracle database. And in this blogpost I’ll explain how you can do it too.

 

Step 0. Your soon to be powned Oracle database

Let’s assume you already have a virtual machine with an Oracle database for demoing purposes. I have an 11.2.0.1 database on a host on VirtualBox. Make sure you have a hostname, listener port number and instance name ready for later testing purposes.

 

Step 1. Install Kali Linux 2

This step is the easiest. Really. You can download a Prebuilt Kali Linux 2 installation on VirtualBox or VMWare. In this example I’ve used VirtualBox. Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , , , , | Leave a comment

Installing and Learning Metasploit

I’ve blogged about Metasploit before. Metasploit is a framework for exploits and comes with tools like port scanners, password crackers and more.

These days you can learn a lot of skills on Youtube, and tutorials about Metasploit are among them. For example, I follow the Hak5 channel and they have a series of 37 videos called Metasploit Minute, hosted by Mubix (aka Rob Fuller). This series of videos take you from installation of Metasploit (on Windows, Linux and Mac) to .. hacking with it.

(Youtube’s playlist plays the newest videos first, so it’s best to go to the bottom of the list and work your way up.) Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , , , , , | Leave a comment

IT Horror Stories: Copying schemas from acceptance to production

This horror story happened to me a couple of years ago. It’s a great story to be told around the campfire with a flashlight shining from underneath your face.

I was working as a DBA for this company in the financial sector (not my current employer fortunately) and they were working on their new web application. It was something build on homegrown .Net and a (then in the Netherlands often used) content management system. (You can tell from the vagueries that this will not end well.)

At one point the consultant for the content management system appeared before me for the first time in a long time in the project in a alpha male type of way. “Allright. It’s time to get our stuff delivered to production. Make a copy of (the schema in) the acceptance database and import it into production.” Continue reading

Posted in IT Operations | Tagged , , , , | 2 Comments

My thoughts on conferences

Wait a moment, I should not be blogging. I’m on holiday.

The bay near Käsmu in Lahemaa National Park.

The bay and “Devils Island” near Käsmu in Lahemaa National Park.

Continue reading

Posted in Conferences | Tagged , , , , , , , , | Leave a comment