Think differently about database hacking Presentation presented at Hacktivity 2012

by Lszl Spala,

Tags: Security

Summary : "The typical database hacking follows a well known way. Find a SQL injection in
the application or enumerate the databases (portscan, sid enumeration, sql
ping), find a weak password or a password in a configuration file etc. and if
we have a high privilege access let's escalate to the operating system. But
what happens if you do not have these attack paths? This is the case when you
have to think differently. In the presentation we will show how to hijack the
connection to MSSQL and ORACLE. Which function is worth hijacking with a DLL
injection at Oracle clients and if you have the access how to use the oradebug
command in creative ways? Of course everything will be demonstrated and the
tools will be released."