Check This Out

The Oracle Hacker's Handbook-Hacking and Defending Oracle Introduction

Table of Contents
Chapter 1-Overview of the Oracle RDBMS

• Processes
• The File System
• The Network
• Oracle Patching
• Wrapping Up

Chapter 2-The Oracle Network Architecture

• The TNS Protocol
• Getting the Oracle Version
• Wrapping Up

Chapter 3-Attacking the TNS Listener and Dispatchers

• The Aurora GIOP Server
• The XML Database
• Wrapping Up

Chapter 4-Attacking the Authentication Process

• Attacks Against the Crypto Aspects
• Default Usernames and Passwords
• Account Enumeration and Brute Force
• Wrapping Up

Chapter 5-Oracle and PL/SQL

• PL/SQL Execution Privileges
• Wrapped PL/SQL
• Working without the Source
• PL/SQL Injection
• Investigating Flaws
• Direct SQL Execution Flaws
• PL/SQL Race Conditions
• Auditing PL/SQL Code
• The DBMS_ASSERT Package
• Some Real-World Examples

Chapter 6-Triggers

• Examples of Exploiting Triggers
• Wrapping Up

Chapter 7-Indirect Privilege Escalation

• Wrapping Up

Chapter 8-Defeating Virtual Private Databases

• Defeating VPDs with Raw File Access
• General Privileges
• Wrapping Up

Chapter 9-Attacking Oracle PL/SQL Web Applications

• Recognizing the Oracle PL/SQL Gateway
• Verifying the Existence of the Oracle PL/SQL Gateway
• Attacking the PL/SQL Gateway
• Wrapping Up

Chapter 10-Running Operating System Commands

• Running OS Commands through Java
• Running OS Commands Using DBMS_SCHEDULER
• Running OS Commands Directly with the Job Scheduler
• Running OS Commands Using ALTER SYSTEM
• Wrapping Up

Chapter 11-Accessing the File System

• Accessing the File System Using Java
• Accessing Binary Files
• Exploring Operating System Environment Variables
• Wrapping Up

Chapter 12-Accessing the Network

• Encrypting Data Prior to Exfiltrating
• Attacking Other Systems on the Network
• Java and the Network
• Database Links
• Wrapping Up

Appendix A-Default Usernames and Passwords