Submitted by: DarqueOne
Date Submitted: 04/15/2012 11:51 AM
ATTACK
Auditing Oracle in a Production Environment
ADITYA K SOOD, A.K.A. 0KN0CK
This paper is based on real penetration testing of Oracle servers on HP-UX systems and on the approach the auditor has to follow to overcome the constraints that come in the way. We will dissect the errors and the ways to bypass them in order to conduct the tests.
WHAT YOU WILL LEARN...
The user will learn about the methodology and how to conduct tests.
The user will learn about the Oracle Auditing Model.
The way to penetrate deep into systems.
Overall Oracle deployment and responsible behavior of disclosing bugs.

WHAT YOU SHOULD KNOW...
Understanding of Oracle working and implementation. Administration knowledge of the Oracle suite will be an added advantage.
Deployment of Oracle in a production environment.
Knowledge of basic Oracle tools.

HAKIN9 6/2008

Usually Oracle is used as a backend in large production environments supporting applications like SAP and other products. The production environment is very critical from the company's perspective, and data is one of the prime concerns that has to be protected. That’s why most attackers try to hack the databases to leverage maximum information. We will specifically cover the penetration testing of Oracle servers. The prime target is to test Oracle by using core techniques in a tactical way. We will talk about the core Oracle processes running in a network and the way to audit them. The essential point is to bypass the generic problems, thereby conducting a pure audit of an Oracle database.
Understanding Oracle Services from a Hacker's Perspective
The Oracle database is used in a distributed way to support a number of data-centric applications. Being a client-server architecture, the main database is hosted on the prime server and all the other nodes communicate with it by connecting to the Oracle server. For example: in SAP organization (i.e. System Application Programming)...