Three Tier Oracle Security in London ~ Paul M. Wright

First half of SYSDBA BACKDOOR paper is easily done without OS access
————————————————————————–
Attacker brute forces a SYSDBA user and wishes to create a user that is hidden from SYS.USER$.
1. CREATE USER
2. GRANT SYSDBA TO USER
3. Rename password file via UTL_FILE.RENAME (requires CREATE DIRECTORY).
4. DROP USER via the DB to lose from SYS.USER$
5. Rename password file back
In [...]

December 24th, 2007 | Category: Uncategorized | Comments Off