Attacking Oracle with the Metasploit Framework BH USA 2009

**Do NOT Upload This Video Anywhere Else!!**

Open Source Information Gathering BruCON Edition

We take an unprotected TNS Listener (9.2.0.1) on windows and alter the logfile location to get the windows box to try to connect to us over SMB, we launch SMB relay attack or do an LM Half challenge sniff/crack attack.

Oracle Post Exploitation on Oracle 11.1.0.6. Our user has used SQL Injection to become DBA . We use our ExtProc backdoor module to execute OS commands to add a user and put them in the admin group. We then use the psexec metasploit module with meterpreter reverse shell to give us a shell using SMB.

Oracle Login Brute to look for default usernames and passwords on the Oracle instance, after we find some we check the privileges using sql.rb