Alexander Kornbrust Oracle Security Blog » Print » Whitepaper: Penetration from Application down to OS

Whitepaper: Penetration from Application down to OS

Dieser Eintrag stammt von Alexander Kornbrust Am 20 Apr 2009 @ 16:35 In Allgemein | Keine Kommentare

Few hours ago I saw that Paul Wright posted an entry on his blog [1] Oracle Forensics about a whitepaper “[2] Penetration from Application down to OS” from Alexandr Polyakov.

Alexandr explains in the well written document how to steal the Windows hashes using a fake SMB Server with low privileges (CONNECT, RESOURCE) via Oracle Text. On a previous blog entry in February [3] “What is more dangerous? ALTER SESSION or OS Access?” I showed how to read files via Oracle Text and Alexandr used a really smart approach to exploit this issue.

Well done Alexandr…

Dieser Artikel wurde ausgedruckt ab Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com

URL zum Artikel: http://blog.red-database-security.com/2009/04/20/whitepaper-penetration-from-application-down-to-os/

URLs in this post:
[1] Oracle Forensics: http://www.oracleforensics.com
[2] Penetration from Application down to OS: http://www.dsecrg.com/files/pub/pdf/Penetration_from_application_down_to_OS_(Ora
cle%20database).pdf
[3] “What is more dangerous? ALTER SESSION or OS Access?”: http://blog.red-database-security.com/2009/02/07/what-is-more-dangerous-alter-se
ssion-or-os-access/

Klicken hier zum Drucken.