
Pete Finnigan's Oracle security weblog



BBED - Oracle Block Browser and EDitor - A hacker tool?

January 31st, 2007 by Pete


I was surfing this evening and came across a great paper by Graham Thornton that explains how to use the BBED Block Browser and EDitor utility to modify blocks in the database data files whether the database is up or down. I have known about this tool for a very long time and even reported its shipping on Windows as an executable and as an object file on *nix as a security bug to Oracle around 4 years ago.

This paper explains how to build the tool on Linux and how each command works. Quite clearly this is a useful tool to get you out of a hole in the case of corruption or incorrect deletions, but it's also an excellent hacker tool.

Graham shows 5 good examples of the use of BBED: "changing data", "recovering deleted rows", "uncorrupting a block", "file header reset" and "recovering deleted, damaged data".

For those of us who think like a hacker this tool has some awesome potential. The tool runs on the OS and doesn't need database authentication. A simple password is hard coded in the binary. If you can gain the ability to run OS commands as a low level user then you can become a DBA, SYS or whatever; it is simple to change the SYS password hash. Remember that no audit trail would be generated, no matter what type of database audit is used. You could also read data protected via VPD or OLS, change or read critical data in the database without detection, or install root kits; the possibilities are endless.

This is a dangerous tool in the wrong hands. Remove the binary if it's there, and also remove the object files if they exist so that it cannot be rebuilt. Even if you or Oracle support did need to use it, Oracle would not support you afterwards anyway, so there is no impetus to keep the tool.
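One way to check an Oracle home for what the removal advice above targets, as an added example that is not from the original post or from Oracle. It assumes the executable is named `bbed` (or `bbed.exe`); the post does not name the object files, so their names are passed as extra arguments by the auditor.

```shell
#!/bin/sh
# Added example: audit an Oracle home for a BBED binary and the object files
# it could be rebuilt from. Matching is by file name only (an assumption).
#
# usage: audit_bbed ORACLE_HOME [EXTRA_NAME_GLOB ...]
#   EXTRA_NAME_GLOB: object-file names for your Oracle version, taken from
#   your own build notes (the post does not list them).
# Prints one tab-separated line per hit: kind, mode, path.
# Returns 0 if nothing was found, 1 if artefacts are present, 2 on bad input.
audit_bbed() {
    home=$1
    [ -n "$home" ] && [ -d "$home" ] || {
        echo "audit_bbed: not a directory: $home" >&2
        return 2
    }
    shift
    # Always look for the executable; append any auditor-supplied names.
    set -- 'bbed' 'bbed.exe' "$@"

    # -iname because Windows installs are case-insensitive (BBED.EXE).
    # Paths containing newlines are not handled.
    hits=$(for glob in "$@"; do
               find "$home" -type f -iname "$glob" -print 2>/dev/null
           done | sort -u)
    [ -n "$hits" ] || return 0

    printf '%s\n' "$hits" | while IFS= read -r f; do
        case $f in
            *.o|*.obj) kind=object ;;          # enough to relink the tool
            *) if [ -x "$f" ]; then
                   kind=executable             # runnable as-is
               else
                   kind=other
               fi ;;
        esac
        mode=$(ls -ld -- "$f" | awk '{print $1}')
        printf '%s\t%s\t%s\n' "$kind" "$mode" "$f"
    done
    return 1
}
```

A non-zero return makes the function usable as a gate in a hardening or compliance script; the mode column shows who could run or read each file that was found.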

Graham Thornton's great paper is called "Disassembling the Oracle Data Block - A Guide to the BBED Block Browser and Editor"

