Whitepaper: Penetration from Application down to OS

A few hours ago I saw that Paul Wright had posted an entry on his blog Oracle Forensics about the whitepaper "Penetration from Application down to OS" by Alexandr Polyakov.

In the well-written document, Alexandr explains how to steal Windows hashes via Oracle Text using a fake SMB server, with only low privileges (CONNECT, RESOURCE). In a previous blog entry in February, "What is more dangerous? ALTER SESSION or OS Access?", I showed how to read files via Oracle Text, and Alexandr used a really smart approach to exploit this issue.

Well done, Alexandr…
