Penetration Testing mailing list archives
Re: [PEN-TEST] hacking oracle questions
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Thu, 30 Nov 2000 11:28:08 -0800
On Wed, 29 Nov 2000, anindya wrote:
Hi folks, I have some questions about hacking Oracle, specifically version 7.x or 8.x. I have a DBA access account, and can query the SYS.* tables no problem. I also have access to the tnsnames.ora file, so I know the SIDs and where the listeners are. I should mention the target is on an NT 4.0 box.
What's your goal? To muck with the DB itself, the NT box it's on, or get through it to something else?
1) How do I discover what table names exist in a particular Oracle database i.e. the schema? Once I have the table names, I can use the "describe" command in svrmgrl to get the columns in the table , but apparently there is no easy way to get the table names themselves..
http://www.oracle.com/oramag/code/cod10177.html Also, nearly all DBs that support stored procedures give you a mechanism for calling external programs: http://www.oracle.com/oramag/oracle/99-Jan/19or8.html Do you have rights to create stored procedures? Also, completely unrelated, but while I was searching this stuff up, the Oracle web pages kept popping up this kind of stuff in the page body: Content-type: text/html Set-Cookie: ORA_UID=SEARCH_2881944; expires=Friday, 30-Nov-2001 19:11:31 GMT; Content-type: text/html Set-Cookie: ORA_UID=SEARCH_2881945; expires=Friday, 30-Nov-2001 19:11:31 GMT; I guess everybody screw up once in a while (it was gone a few minutes later.) :) Ryan
Current thread:
- [PEN-TEST] hacking oracle questions anindya (Dec 01)
- Re: [PEN-TEST] hacking oracle questions Edwards, Steve (Dec 01)
- Re: [PEN-TEST] hacking oracle questions Ryan Russell (Dec 01)
- Re: [PEN-TEST] hacking oracle questions William D. Colburn (aka Schlake) (Dec 01)
- Re: [PEN-TEST] hacking oracle questions Talisker (Dec 01)
- <Possible follow-ups>
- Re: [PEN-TEST] hacking oracle questions Hull, Dave (Dec 01)
- Re: [PEN-TEST] hacking oracle questions Michael Owen (Dec 01)