
Oracle Hacker's Handbook: Hacking and Defending Oracle Book

2.5 out of 5 stars based on 2 reviews
5 stars: 0 %; 4 stars: 0 %; 3 stars: 50 %; 2 stars: 50 %; 1 star: 0 %
Digital Copy (PDF format): 1 available for $99.99
Original Magazine (Physical Format): Sold Out

  • Oracle Hacker's Handbook: Hacking and Defending Oracle
  • Written by author David Litchfield
  • Published by Wiley, John & Sons, Incorporated, January 2007
  • David Litchfield has devoted years to relentlessly searching out the flaws in the Oracle database system and creating defenses against them. Now he offers you his complete arsenal to assess and defend your own Oracle systems. This in-depth guide explores

About the Author     vi
Acknowledgments     xiii
Introduction     xv
Code Samples from the Book     xviii
Oracle and Security     xviii
The "Unbreakable" Marketing Campaign     xix
Independent Security Assessments     xx
The Future     xx
Overview of the Oracle RDBMS     1
Architecture     1
Processes     2
The File System     8
The Network     9
Database Objects     10
Users and Roles     10
Privileges     10
Oracle Patching     11
Wrapping Up     13
The Oracle Network Architecture     15
The TNS Protocol     16
The TNS Header     16
Inside the Packet     18
Getting the Oracle Version     19
The Listener Version and Status Command     20
Using the TNS Protocol Version     20
Using the XML Database Version     21
Using TNS Error Text     22
Using the TNS Version TTC Function     23
Wrapping Up     24
Attacking the TNS Listener and Dispatchers     31
Attacking the TNS Listener     31
Bypassing 10g Listener Restrictions     32
The Aurora GIOP Server     33
The XML Database     38
Wrapping Up     42
Attacking the Authentication Process     43
How Authentication Works     43
Attacks Against the Crypto Aspects     48
Default Usernames and Passwords     52
Looking in Files for Passwords     53
Account Enumeration and Brute Force     56
Long Username Buffer Overflows     56
Wrapping Up     57
Oracle and PL/SQL     59
What Is PL/SQL?     59
PL/SQL Execution Privileges     60
Wrapped PL/SQL     64
Wrapping and Unwrapping on 10g     64
Wrapping and Unwrapping on 9i and Earlier     64
Working without the Source     66
PL/SQL Injection     66
Injection into Select Statements to Get More Data     68
Injecting Functions     71
Injecting into Anonymous PL/SQL Blocks     72
The Holy Grail of PLSQL Injection     72
Investigating Flaws     74
Direct SQL Execution Flaws     77
PL/SQL Race Conditions      77
Auditing PL/SQL Code     80
The DBMS_Assert Package     81
Some Real-World Examples     82
Exploiting DBMS_CDC_IMPDP     82
Exploiting LT     84
Exploiting DBMS_CDC_Subscribe and DBMS_CDC_ISubscribe     84
PLSQL and Triggers     89
Wrapping Up     89
Triggers     91
Trigger Happy: Exploiting Triggers for Fun and Profit     91
Examples of Exploiting Triggers     93
The MDSYS.SDO_GEOM_TRIG_INS1 and SDO_GEOM_TRIG_INS1 Triggers     93
The MDSYS SDO_CMT_CBK_TRIG Trigger     94
The SYS.CDC_Drop_CTable_Before Trigger     96
The MDSYS.SDO_Drop_User_Before Trigger     97
Wrapping Up     98
Indirect Privilege Escalation     99
A Hop, a Step, and a Jump: Getting DBA Privileges Indirectly     99
Getting DBA from Create Any Trigger     99
Getting DBA from Create Any View     102
Getting DBA from Execute Any Procedure     105
Getting DBA from Just Create Procedure     105
Wrapping Up     105
Defeating Virtual Private Databases     107
Tricking Oracle into Dropping a Policy     107
Defeating VPDs with Raw File Access     112
General Privileges     114
Wrapping Up     114
Attacking Oracle PL/SQL Web Applications     115
Oracle PL/SQL Gateway Architecture     115
Recognizing the Oracle PL/SQL Gateway     116
PL/SQL Gateway URLs     116
Oracle Portal     118
Verifying the Existence of the Oracle PL/SQL Gateway     118
The Web Server HTTP Server Response Header     118
How the Oracle PL/SQL Gateway Communicates with the Database Server     120
Attacking the PL/SQL Gateway     122
The PLSQL Exclusion List     122
Wrapping Up     129
Running Operating System Commands     131
Running OS Commands through PL/SQL     131
Running OS Commands through Java     132
Running OS Commands Using DBMS_SCHEDULER     133
Running OS Commands Directly with the Job Scheduler     134
Running OS Commands Using Alter System     136
Wrapping Up     136
Accessing the File System     137
Accessing the File System Using the UTL_FILE Package     137
Accessing the File System Using Java     139
Accessing Binary Files     140
Exploring Operating System Environment Variables     142
Wrapping Up     144
Accessing the Network     145
Data Exfiltration     145
Using UTL_TCP     146
Using UTL_HTTP     147
Using DNS Queries and UTL_INADDR     147
Encrypting Data Prior to Exfiltrating     149
Attacking Other Systems on the Network     149
Java and the Network     151
Database Links     152
Wrapping Up     152
Default Usernames and Passwords     153
Index     177

