Tag Archives: Oracle

Exploiting an Oracle database with Metasploit (Part 1)

Now that I have a Metasploit and Oracle demo environment, it is time to see what I can use to exploit an Oracle 11g Release 2 database. I have to tell you, most of the exploits are actually rather old. … Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , , | 1 Comment

Fun with Dtrace: files Oracle opens on database startup

I’ve got Dtrace working (install story) and the party is started. You can write your own Dtrace programs in the D language, but there are also a load of Dtrace one-liners. You can find a list of those on the … Continue reading

Posted in Linux | Tagged , , , , | Leave a comment

Dtrace on OEL6.6 is working!

I was close to giving up. Because of the following things: I could not find much on the Dtrace error I got. I tried the commands I used last time on my VirtualBox with OEL6.6 and Oracle 12c and got … Continue reading

Posted in Linux | Tagged , , , , , , , | 1 Comment

The malware I didn’t Ask.com for

Keeping a computer free of virusses and malware is getting harder and harder these days, if you’re not someone who regularely uses computers, like me. And even then you have to be on full alert. Maintenance of other peoples computers … Continue reading

Posted in Getting a life | Tagged , , , , | Leave a comment

Struggling to install Metasploit with Oracle drivers

Next tuesday I’ll be doing an Oracle database hacking course for teammembers at my work. (Because, the best way to gain security awareness, is to learn to hack). We’ll be doing SQL injection, port scanning with Nmap, network sniffing with … Continue reading

Posted in Oracle security, Uncategorized | Tagged , , , , , , , | 2 Comments

On getting rid of (unpatched) Oracle 9i and lower versions

During the Planboard symposium I did some live demos of Nmap and Metasploit. Some called it brave, others called it foolish. In the end some demos that I had prepared and succesfully tested only the night before took a nose … Continue reading

Posted in Oracle security | Tagged , , , , , , , , | Leave a comment

Detecting breaches in an Oracle database – with a honeypot

SQL Injection is one of the most popular, if not the most popular, hacking method. It’s in most cases an application-related problem. So what’s a DBA to do? In an ideal world DBAs can assign minimal privileges to the users … Continue reading

Posted in Oracle security | Tagged , , , , | Leave a comment