After reading some posts on the lists and looking at the scripts at http://www.pentest-limited.com I found that CREATE LIBRARY could be really useful when doing a PenTest. This is used to be able to create extended procedures. To do this you specify which library (dll file) you want to use. Then by creating a FUNCTION in Oracle you point out the function in the dll you want to run.

So one could actually create a library pointing to %windir%\system32\kernel32.dll and specify the winexec as function. Your chances of having that dll on a Windows system are quite big :) Using the function created one could actually execute code on the server with the same privileges as the user which started the server, in Windows this is usually the LocalSystem.

The above could only be done with a user with CREATE LIBRARY permissions. On a default installed Oracle (8.1.5 for Windows) there are 5 of 15 default accounts which can do this.

You also need to know a SID to connect to. This is easily done by querying the Oracle Listener using the services query. If someone has applied a listener password, do a status query, you'll get enough info there.

If this is common knowledge to everyone, sorry for bothering you!

To be able to do all this smoothly, without having to have the Oracle Client installed one could use these Java-based tools, which run on Windows and/or Linux.

http://www.cqure.net/tools07.html

--
Patrik Karlsson, iXsecurity
This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 16:37:41 PST
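
A defender's audit for the exposure the post describes, as an added example that is not part of the original message. It assumes a session with access to the standard Oracle dictionary views DBA_USERS, DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_LIBRARIES; the grantee in the final comment is a placeholder.

```sql
-- 1. Accounts that can create external libraries, either through a direct
--    grant or through a role (including roles granted to other roles).
SELECT u.username, u.account_status
FROM   dba_users u
WHERE  u.username IN (
         -- direct grants of the privilege
         SELECT sp.grantee
         FROM   dba_sys_privs sp
         WHERE  sp.privilege IN ('CREATE LIBRARY', 'CREATE ANY LIBRARY')
         UNION
         -- walk upward from every role that holds the privilege to
         -- everyone who has been granted that role, at any depth
         SELECT rp.grantee
         FROM   dba_role_privs rp
         START WITH rp.granted_role IN (
                  SELECT sp.grantee
                  FROM   dba_sys_privs sp
                  WHERE  sp.privilege IN ('CREATE LIBRARY',
                                          'CREATE ANY LIBRARY'))
         CONNECT BY PRIOR rp.grantee = rp.granted_role)
ORDER BY u.username;

-- 2. Library objects that already exist and the files they point to.
--    Any FILE_SPEC that references an operating-system DLL rather than an
--    application-supplied library deserves a closer look.
SELECT l.owner, l.library_name, l.file_spec, l.status
FROM   dba_libraries l
WHERE  l.dynamic = 'Y'
ORDER BY l.owner, l.library_name;

-- 3. Remediation for an account or role that does not need the privilege
--    (GRANTEE_PLACEHOLDER is a placeholder, not a real account name):
-- REVOKE CREATE LIBRARY FROM GRANTEE_PLACEHOLDER;
-- REVOKE CREATE ANY LIBRARY FROM GRANTEE_PLACEHOLDER;
```

Default accounts that show up in the first result should also have their default passwords changed or be locked, since the privilege only matters to someone who can log in as one of them.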