In this post we are going to see how IDA Pro can be used to reverse engineer an ELF-type application, discover a bug, and use IDA's remote debugger functionality to build a functional exploit.
The reporting phase is one of the major problems for a penetration tester, because we almost always spend a lot of time creating reports. I am talking about the case where we have discovered a lot of vulnerabilities and must deliver them to the client, and in addition we have to include many details such as:
- Nessus Plugin
In this post we are going to talk about how you can execute operating system commands through an Oracle database using DBMS_SCHEDULER in two different scenarios. You can leverage this feature, which is integrated in Oracle.
1.- Directly to a database
2.- SQL Injection
In this post we are going to see how to obtain DBA privileges in an Oracle database using TRIGGERS. For this post we assume that you have valid credentials as well as the SID; otherwise you can go back to the first post, Hacking Oracle. The first thing you should do is connect to the database with a client, which for this post will be Aqua Data. Once you are connected to the database, you need to discover what kind of privileges the user has, which can be achieved with the following command.
In this post we are going to talk about how to get DBA privileges in an Oracle database using a PROCEDURE. If you already have a valid credential for the database, you can skip the first part and go directly to the getting DBA privileges section; otherwise you can follow the whole post. The first thing is to scan a network to find an Oracle database. To achieve this, you can use nmap with the following command, as shown in the following image.
In this post we are going to talk about what an XPath injection vulnerability is and how we can exploit it. First of all we need to go back to the definitions in order to better understand this kind of vulnerability: what XPath and XML are, and how it is structured.