A few hours ago I saw that Paul Wright posted an entry on his blog Oracle Forensics about a whitepaper, "Penetration from Application down to OS", by Alexandr Polyakov.
Alexandr explains in the well-written document how to steal the Windows hashes using a fake SMB server with low privileges (CONNECT, RESOURCE) via Oracle Text. In a previous blog entry in February, "What is more dangerous? ALTER SESSION or OS Access?", I showed how to read files via Oracle Text, and Alexandr used a really smart approach to exploit this issue.
Well done, Alexandr…