Accessing the Network
The Oracle RDBMS is a perfect platform for launching attacks against other systems on the network. This may be as simple as using database links to gain access to other Oracle databases or using some of the default PL/SQL packages to gain access to web or mail servers. If you have the CREATE PROCEDURE privilege, and most accounts do have this system privilege, you can even code your own PL/SQL network library allowing you to access any kind of server whether the protocol used is text-based or binary in nature.
Database Links
One Oracle database can communicate with another by using database links. Database links can be created as PUBLIC, which means that anyone can use the link, or nonpublic. Nonpublic links are for the use of the owner. When a database link is created there are two options for authentication against the remote system. First, a user ID and password can be embedded. These credentials are stored in the SYS.LINK$ table so anyone that can access this table can gather credentials for the remote system. The other option is to create the link with the CURRENT_USER keyword, which specifies that when the link is accessed the current user's credentials are used. This is a safer option to use when creating links. The syntax for creating a database link is as follows:
CREATE DATABASE LINK linkname CONNECT TO user IDENTIFIED BY passwd USING 'tnsentry'
or
CREATE DATABASE LINK linkname CONNECT TO CURRENT_USER USING 'tnsentry'
Once a link is created it ...
Get The Database Hacker's Handbook: Defending Database Servers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
