The Oracle Hacker's Handbook: Hacking and Defending Oracle - Introduction

Table of Contents
Chapter 1-Overview of the Oracle RDBMS
  • Processes
  • The File System
  • The Network
  • Oracle Patching
  • Wrapping Up
Chapter 2-The Oracle Network Architecture
  • The TNS Protocol
  • Getting the Oracle Version
  • Wrapping Up
Chapter 3-Attacking the TNS Listener and Dispatchers
  • The Aurora GIOP Server
  • The XML Database
  • Wrapping Up
Chapter 4-Attacking the Authentication Process
  • Attacks Against the Crypto Aspects
  • Default Usernames and Passwords
  • Account Enumeration and Brute Force
  • Wrapping Up
Chapter 5-Oracle and PL/SQL
  • PL/SQL Execution Privileges
  • Wrapped PL/SQL
  • Working without the Source
  • PL/SQL Injection
  • Investigating Flaws
  • Direct SQL Execution Flaws
  • PL/SQL Race Conditions
  • Auditing PL/SQL Code
  • The DBMS_ASSERT Package
  • Some Real-World Examples
Chapter 6-Triggers
  • Examples of Exploiting Triggers
  • Wrapping Up
Chapter 7-Indirect Privilege Escalation
  • Wrapping Up
Chapter 8-Defeating Virtual Private Databases
  • Defeating VPDs with Raw File Access
  • General Privileges
  • Wrapping Up
Chapter 9-Attacking Oracle PL/SQL Web Applications
  • Recognizing the Oracle PL/SQL Gateway
  • Verifying the Existence of the Oracle PL/SQL Gateway
  • Attacking the PL/SQL Gateway
  • Wrapping Up
Chapter 10-Running Operating System Commands
  • Running OS Commands through Java
  • Running OS Commands Using DBMS_SCHEDULER
  • Running OS Commands Directly with the Job Scheduler
  • Running OS Commands Using ALTER SYSTEM
  • Wrapping Up
Chapter 11-Accessing the File System
  • Accessing the File System Using Java
  • Accessing Binary Files
  • Exploring Operating System Environment Variables
  • Wrapping Up
Chapter 12-Accessing the Network
  • Encrypting Data Prior to Exfiltrating
  • Attacking Other Systems on the Network
  • Java and the Network
  • Database Links
  • Wrapping Up

Appendix A-Default Usernames and Passwords
