The Oracle Hacker's Handbook-Hacking and Defending Oracle
Table of Contents
Introduction
Chapter 1-Overview of the Oracle RDBMS
- Processes
- The File System
- The Network
- Oracle Patching
- Wrapping Up
Chapter 2-The Oracle Network Architecture
- The TNS Protocol
- Getting the Oracle Version
- Wrapping Up
Chapter 3-Attacking the TNS Listener and Dispatchers
- The Aurora GIOP Server
- The XML Database
- Wrapping Up
Chapter 4-Attacking the Authentication Process
- Attacks Against the Crypto Aspects
- Default Usernames and Passwords
- Account Enumeration and Brute Force
- Wrapping Up
Chapter 5-Oracle and PL/SQL
- PL/SQL Execution Privileges
- Wrapped PL/SQL
- Working without the Source
- PL/SQL Injection
- Investigating Flaws
- Direct SQL Execution Flaws
- PL/SQL Race Conditions
- Auditing PL/SQL Code
- The DBMS_ASSERT Package
- Some Real-World Examples
Chapter 6-Triggers
- Examples of Exploiting Triggers
- Wrapping Up
Chapter 7-Indirect Privilege Escalation
Chapter 8-Defeating Virtual Private Databases
- Defeating VPDs with Raw File Access
- General Privileges
- Wrapping Up
Chapter 9-Attacking Oracle PL/SQL Web Applications
- Recognizing the Oracle PL/SQL Gateway
- Verifying the Existence of the Oracle PL/SQL Gateway
- Attacking the PL/SQL Gateway
- Wrapping Up
Chapter 10-Running Operating System Commands
- Running OS Commands through Java
- Running OS Commands Using DBMS_SCHEDULER
- Running OS Commands Directly with the Job Scheduler
- Running OS Commands Using ALTER SYSTEM
- Wrapping Up
Chapter 11-Accessing the File System
- Accessing the File System Using Java
- Accessing Binary Files
- Exploring Operating System Environment Variables
- Wrapping Up
Chapter 12-Accessing the Network
- Encrypting Data Prior to Exfiltrating
- Attacking Other Systems on the Network
- Java and the Network
- Database Links
- Wrapping Up
Appendix A-Default Usernames and Passwords