title: Some Metasploit and Oracle Notes - Part 2
date: 2009-05-12 20:41:55.000000000 +01:00
- Penetration Testing
SCOTT CONNECT NO YES NO
SCOTT DBA NO YES NO
SCOTT RESOURCE NO YES NO
It's worth noting that some of these Oracle modules (there's 9 in the current Metasploit svn versions) have required privilege levels (dbms_cdc_publish for example in a vanilla 10GR2 setup needs EXECUTE_CATALOG_ROLE to run which only SYS and users with the DBA role have...), so it's worth trying out several to fit different scenarios...
So here we are with DBA, which to be honest for a lot attackers is all that's needed. The data in the database is likely to be the "crown jewels" which the attackers looking for, but hey we can go further with the wonders of Metasploit and execute code on the underlying operating system...
5. Leverage Oracles functionality to get access to the underlying operating system
So at the moment I don't see a metasploit option for doing this in *nix (there's a win32 command execution module on mc's page), however that's not a serious problem as it turns out the nice guys at Oracle provide ways to do this easily.
A quick google around revealed this paper from Oracle on command execution from a database user and from my running of it, it works fine (although requires creation of new database objects so best suited to an environment that can be rolled back easily...).
So there you go, from nothing to OS access in 5 easy steps, courtesy of Metasploit...