Think differently about database hacking

Presented at DerbyCon 2.0 Reunion (2012), Sept. 30, 2012, 3 p.m. (50 minutes)

The typical database hacking follows a well known way. Find a SQL injection in the application or enumerate the databases (portscan, sid enumeration, sql ping), find a weak password or a password in a configuration file etc. and if we have a high privilege access let’s escalate to the operating system. But what happens if you do not have these attack paths? This is the case when you have to think differently. In the presentation we will show how to hijack the connection to MSSQL and ORACLE. Which function is worth hijacking with a DLL injection at Oracle clients and if you have the access how to use the oradebug command in creative ways? Of course everything will be demonstrated and the tools will be released.

Presenters:

• Spala Ferenc
  Ferenc has been working as a security consultant for 5 years. He gave several talks on Hungarian and international itsec conferences and workshops. He is also the member of program committee of Hacktivity conference. The story of Hacktivity started in 2003 when a group of security experts were looking for a forum to meet and exchange experience and has become the largest and oldest independent Hungarian hacker event. He is former blogger of a Hungarian IT security blog called “Alice and Bob”. He reported several vulnerabilities in different software such as IBM Cognos Business Intelligence.
• László Tóth
  László has more than 10 years experience in information security (penetration testing, security audit, incident response). As a researcher his focus is Oracle Database security. He published several research papers and tools in this subject. László is the developer of the woraauthbf tool which was one of the fastest Oracle password crackers at the time of its release. He also released several unique research papers about vulnerabilities of the Oracle authentication protocols and post-exploitation techniques. His name was mentioned in several CPUs released by Oracle. You can check out the technical deepness of his presentations at www.soonerorlater.hu.

Similar Presentations:

• Black Hat USA 2010 / Hacking Oracle From Web Apps
• DEF CON 19 (2011) / Hacking and Securing DB2 LUW Databases
• DEF CON 18 (2010) / Hacking Oracle From Web Apps