

Below is a collection of papers and links to papers about Oracle internals, undocumented Oracle and hard to find Oracle details and information.

If anyone has any good links or papers about undocumented Oracle in particular that I have not found myself yet, please let me know the URL and I will add them to the list below. Please email pete@petefinnigan.com.


Undocumented Oracle

The following are papers discussing undocumented details about Oracle.

Paper Title Written for Written by Description
Fixing SYS for hacking purposes (MS Word)
Fixing SYS for hacking purposes (PDF)
  Miladin Modrakovic rankoni@hotmail.com This is an excellent short paper that shows how it's possible to change the SYS password to a known hash value without logging into the database. Miladin says: How to change Oracle SYS password without having to log in to a database? Possible? Yes. All you need is some knowledge about Oracle internals.

This document is to be used only for testing purposes and not to be used in a production environment. The purpose is to show the audience how hackers can gain access to your system without knowing it and how to prevent it.

As I said earlier, I am not going to use SQL to access the production database. In order to get the necessary information about the SYS user I will copy a production system datafile to my test server using rcp, sftp or any other utility (the assumption here is that we have already gained access to the database server).

Storing Data Directly From Oracle SGA   Miladin Modrakovic rankoni@hotmail.com This is an excellent new paper written by Miladin Modrakovic about accessing Oracle data directly from the SGA without using the database services to do so. This uses a technique that was first publicly described in Kyle Hailey's presentation listed below. This method is used by a few expensive tuning products to access performance parameters in the x$ tables without impacting the Oracle kernel or affecting the measurement taking place. This method of reading data directly from the SGA could also be used for other means. Basically any data in the SGA or in the x$ tables is accessible from an external C program.

This is a great paper exploring Kyle's ideas and taking them a little further with a simple test Pro*C program that attaches the Oracle shared memory segments and reads from an x$ table, x$ksuse, directly from the shared memory. It samples the results from this table 100s of times per second and stores the results in an Oracle database table using Pro*C for later analysis.

http://www.evdbt.com/Oradebug_Modrakovic.pdf - (broken link) oradebug - undocumented oracle utility www.evdbt.com Miladin Modrakovic rankoni@hotmail.com This is an excellent paper discussing the details of how to use the undocumented Oracle debugging tool oradebug. This is the best paper so far on the internet about oradebug. This level of detail is probably only available from within Oracle itself. Tim Gorman's site is hosting this paper and is worth a browse anyway for the other excellent papers there.
Undocumented Oracle - What They Didn't Teach You At Oracle www.vijaymukhi.com   This is quite an interesting paper, and quite long at 71 pages. It shows some detailed investigations into Oracle startup, connecting as internal, changing text strings in svrmgrl in a hex editor to see how bootstrap$ is used and also to change the text in a select from v$ tables. There are also some detailed investigations into Oracle block internals. As the title suggests, it's not what they taught you in Oracle. Quite interesting all the same.
Undocumented Oracle www.serc.nl   This is quite an old document listing some undocumented features of Oracle; some date back to Oracle 7. The list is mainly cut and pastes of posts to various newsgroups. The paper contains some very interesting items though, including a short example C program showing how to call the UPI layer of the Oracle kernel to issue a become user call. This UPI call is how the import utility imp does a become user.
Direct SGA Access http://oraperf.sourceforge.net Kyle Hailey Excellent presentation from Kyle Hailey discussing how to do direct SGA access in C. This is one of the few places on the net where this subject is broached. The presentation gives a great description of how to find the information you need via x$ tables and then to write a direct SGA access program in C. This technique is very useful in tuning areas to access Oracle statistics without impacting the Oracle kernel. It could also be a technique for accessing data from a running database for other security related purposes.
julian.dyke.users.btopenworld.com/Oracle/Diagnostics/Tools/ORADEBUG/ORADEBUG.html - (broken link) ORADEBUG http://julian.dyke.users.btopenworld.com - (broken link) Julian Dyke This is like buses in England: you wait ages for one and then two come at once. I also like this paper about oradebug; it is of a similar standard to the one above on Tim's site. Excellent coverage by Julian. If you want to explore oradebug then you should investigate this paper. oradebug is a gold mine for security researchers as it allows a detailed look at the kernel internals and data structures.
Oracle ORADEBUG Puget Sound Oracle Users Group Daniel Morgan I came across this page by chance whilst looking for something else. This is a very good summary of the Oracle ORADEBUG tool covering up to 10g. This paper gives a very good summary of all of the commands and includes simple examples. Great page!
http://www.fors.com/velpuri2/dul_ucg8.html - (broken link) DUL User's and Configuration Guide http://www.fors.com/velpuri2/dul_ucg8.html - (broken link) This page is the Data UnLoader (DUL) user and configuration guide. It gives some great overview notes about what this tool can do and how it can be configured.
http://www.fors.com/velpuri2/Backup%20and%20Recovery/UsingDUL - (broken link) Using DUL to Recover From Database Corruption (with some examples) http://www.fors.com/velpuri2/Backup%20and%20Recovery/UsingDUL - (broken link) This page describes how the Oracle Data UnLoader (DUL) tool can be used to recover a corrupted database with examples.
DUDE primer 2.0 http://www.ora600.org Kurt Van Meerbeek This is a great primer document detailing how jDUL/DUDE, Kurt's Oracle data unloader, works. DUDE is a private Java-based tool that can be used to extract data from an Oracle database without needing the database instance to be running. This means that data can be saved from crashed instances. It also means that there is an alternative to Oracle's own DUL (Data UnLoader).
http://www.mgogala.com/oradebug.pdf - (broken link) oradebug http://www.mgogala.com - (broken link) Mladen Gogala I found this paper by chance whilst searching for something else on Google. Mladen is a regular on various mailing lists and forums so I went for a look, as he is known for his Oracle knowledge and the paper is about an undocumented utility. This is not a bad paper; most of the ground is covered in other papers listed here but it's still a good paper. The paper starts with some discussion of what oradebug is, how it works and what other information is available. Mladen goes on to cover starting oradebug, attaching to an Oracle process, taking dumps, setting events, suspending and resuming, and hang analysis.


Oracle Rdb Security papers

The following section includes a set of links to papers that discuss security in Oracle Rdb databases. These papers were written by other authors.

If anyone has any good links or papers about Oracle Rdb security in particular that I have not found myself yet, please let me know the URL and I will add them to the list below. Please email pete@petefinnigan.com.

Paper Title Written for Written by Description
http://otn.oracle.com/products/rdb/index.html - (broken link) Rdb Home page otn.oracle.com   This is the Rdb home page on Oracle's Technet site.
http://www.sciinc.com/techinfo/articles/si1a2.htm - (broken link) safeguarding corporate data otn.sciinc.com   Good overview introduction paper discussing some of the security issues with Oracle Rdb on VMS.


Oracle security with BAAN

The following section presents papers written by other authors specifically on the subject of Oracle and Baan and security.

If anyone has any good links or papers about Oracle and Baan security in particular that I have not found myself yet, please let me know the URL and I will add them to the list below. Please email pete@petefinnigan.com.

Paper Title Written for Written by Description
Password aging for Baan www.mr-paradox.com Mr. Paradox Felix passed me this link a week or so ago. It describes a new piece of software for Baan that allows it to do password ageing, which is required in the States for Sarbanes-Oxley compliance. The software is beta but sounds promising. I don't have access to Baan to test it but I am sure it is fine. You can download the software for HP-UX, Linux, DEC (Compaq Tru 64), Sun Solaris 9, IBM (AIX 5.2) and IBM (AIX 4) plus documentation.


Oracle Security with SAP papers

The following section includes a set of links to papers that discuss security in Oracle databases when used with SAP. These papers were written by other authors.

If anyone has any good links or papers about Oracle and SAP and security in particular that I have not found myself yet, please let me know the URL and I will add them to the list below. Please email pete@petefinnigan.com.

Paper Title Written for Written by Description
http://www.jochen.org/~jochen/sap-r3/advisory-2002-04.html - (broken link) SAP R/3 on Oracle: vulnerable Default Installation www.jochen.org Jochen Hein This paper covers a default SAP installation issue when using Oracle as the database. Basically if you can see the listener you can edit any data in the SAP controlled Oracle database. Read this paper for more details.


Oracle Security with Peoplesoft papers

The following section includes a set of links to papers that discuss security in Oracle databases when used with Peoplesoft. These papers were written by other authors.

If anyone has any good links or papers about Oracle and Peoplesoft and security in particular that I have not found myself yet, please let me know the URL and I will add them to the list below. Please email pete@petefinnigan.com.

Paper Title Written for Written by Description


Oracle Applications Security papers

The following section includes a set of links to papers that discuss security in Oracle databases when used with Oracle Applications. These papers were written by other authors.

If anyone has any good links or papers about Oracle Applications security in particular that I have not found myself yet, please let me know the URL and I will add them to the list below. Please email pete@petefinnigan.com.

Paper Title Written for Written by Description
Guide to auditing in Oracle applications www.integrigy.com Integrigy Corporation This is an excellent paper describing the auditing capabilities available in Oracle Applications and also in the Oracle database. This paper is based on version 11i but should also cover 10.7 and 11.0.
http://www.integrigy.com/info/SecurityAnalysis-CPU0105.pdf - (broken link) Oracle Critical Patch Update - January 2005 - E-Business Suite Impact www.integrigy.com Integrigy Corporation This is a very useful paper aimed at users of Oracle E-Business Suite and Oracle Applications. This paper analyses in detail the issues fixed in the Critical Patch Update - January 2005 by Oracle. The paper goes into detail about the risks involved in implementing or not and of testing. It also discusses high risk systems and non high risk and the differences. This is an excellent paper for anyone needing to patch Oracle applications for these issues.