Metasploit Auxiliary module for Oracle FTP Script Write/Binary Download/Execute via Oracle Packages.
As DBA (yea for SQLI) we use UTL_FILE to write out our FTP download script, using DBMS_SCHEDULER we create a job to run the script to download our binary and create a 2nd job to execute our binary and get our meterpreter shell. Oracle...Unbreakable.
I got the "how to do it" from Red-Database-Security
check MC's video (requires java) on getting those DBA privs on an 11g box.
w00t-shell.net/demos/CVE-2008-3996.html
No code yet unless you email me and say you'll actually test it. Right now its in the "works for me" status but if you want to try it out on some other Oracle versions give me a shout. It wont work on 9 but should work on 10 & 11.
Metasploit Auxiliary module for Oracle FTP Script Write/Binary Download/Execute via Oracle Packages from carnal0wnage on Vimeo.
No comments:
Post a Comment