How to hack SYS password without logging into the database
February 16th, 2007 by Pete
I have just posted to my website a new paper written by Miladin Modrakovic, titled "Fixing SYS for hacking purposes", which details how the SYS password hash can be changed in the database without logging into the database. This is of course done using the BBED tool. The paper starts:
"How to change Oracle SYS password without having to login into a database? Possible?
Yes. All you need is some knowledge about Oracle internals.
This document is to be used only for testing purposes and not to be used in production environment. Purpose is to show audience how hackers can gain access to your system without knowing it and how to prevent it.
As I said earlier I am not going to use SQL to access production database. In order to get necessary information about SYS user I will copy production system datafile to my test server using rcp, sftp or any other utility (assumption here is that we already have gained access to database server)."
I have updated my Oracle internals and undocumented Oracle page to include this paper.



February 17th, 2007 at 11:42 am
Noons says:
Quite frankly, I see very little value in these explanations and demonstrations that "security can be broken, if it is already broken".
That is essentially the proposition here.
If someone can break into the db server as dba user, then they can change the dba password without logging in to the database?
Big deal! That's been the case with ANY database and ANY operating system for the last, oh let me see: 40 years?