12.3. Attacking Other Systems on the Network

You have just seen that UTL_TCP can be used to create connections to other hosts on the network on an arbitrary TCP port. This can be scripted to turn an Oracle database server into a TCP port scanner (probably the most expensive one ever!):

    -- Enable DBMS_OUTPUT display in SQL*Plus so the results are shown.
    SET SERVEROUTPUT ON

    CREATE OR REPLACE PACKAGE TCP_SCAN IS
      PROCEDURE SCAN(HOST VARCHAR2, START_PORT NUMBER, END_PORT NUMBER, VERBOSE NUMBER DEFAULT 0);
      PROCEDURE CHECK_PORT(HOST VARCHAR2, TCP_PORT NUMBER, VERBOSE NUMBER DEFAULT 0);
    END TCP_SCAN;
    /
    SHOW ERRORS

    CREATE OR REPLACE PACKAGE BODY TCP_SCAN IS

      -- Walk the port range and test each port in turn.
      PROCEDURE SCAN(HOST VARCHAR2, START_PORT NUMBER, END_PORT NUMBER, VERBOSE NUMBER DEFAULT 0)
      AS
        I NUMBER := START_PORT;
      BEGIN
        FOR I IN START_PORT..END_PORT LOOP
          CHECK_PORT(HOST, I, VERBOSE);
        END LOOP;
      EXCEPTION
        WHEN OTHERS THEN
          DBMS_OUTPUT.PUT_LINE('An error occurred.');
      END SCAN;

      -- Attempt a TCP connection; ORA-29260 (network error) means the port is not open.
      PROCEDURE CHECK_PORT(HOST VARCHAR2, TCP_PORT NUMBER, VERBOSE NUMBER DEFAULT 0)
      AS
        CN SYS.UTL_TCP.CONNECTION;
        NETWORK_ERROR EXCEPTION;
        PRAGMA EXCEPTION_INIT(NETWORK_ERROR, -29260);
      BEGIN
        DBMS_OUTPUT.ENABLE(1000000);
        CN := UTL_TCP.OPEN_CONNECTION(HOST, TCP_PORT);
        DBMS_OUTPUT.PUT_LINE('TCP Port ' || TCP_PORT || ' on ' || HOST || ' is open.');
        UTL_TCP.CLOSE_CONNECTION(CN);
      EXCEPTION
        WHEN NETWORK_ERROR THEN
          IF VERBOSE != 0 THEN
            DBMS_OUTPUT.PUT_LINE('TCP Port ' || TCP_PORT || ' on ' || HOST || ' is not open.');
          END IF;
        WHEN OTHERS THEN
          DBMS_OUTPUT.PUT_LINE('There was an error.');
      END CHECK_PORT;

    END TCP_SCAN;
    /
    SHOW ERRORS
    /
    EXEC TCP_SCAN.SCAN('192.168.0.10',1,200,1);
    ...
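The scanner above only works for an account that can execute UTL_TCP. The following audit is an added example, not code from the book: it lists who holds that privilege, which stored code depends on the package, and which network ACLs exist. It assumes a DBA session; the schema filter in step 2 and the account name APP_OWNER are hypothetical choices made for illustration.

```sql
-- Added example (not from the book). Run as a DBA.

-- 1. Who can execute UTL_TCP? A grant to PUBLIC lets every database
--    account open outbound TCP connections from the database host.
SELECT grantee, owner, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE table_name = 'UTL_TCP'
   AND privilege  = 'EXECUTE'
 ORDER BY grantee;

-- 2. Which stored objects reference UTL_TCP? A package such as TCP_SCAN
--    shows up here. Excluding SYS and PUBLIC is an assumption made to cut
--    noise from Oracle-supplied objects; drop the filter for a full list.
SELECT owner, name, type, referenced_owner, referenced_type
  FROM dba_dependencies
 WHERE referenced_name = 'UTL_TCP'
   AND owner NOT IN ('SYS', 'PUBLIC')
 ORDER BY owner, name;

-- 3. Oracle 11g and later only: network ACLs restrict which hosts and
--    ports the network packages may reach. Review what is assigned.
SELECT host, lower_port, upper_port, acl
  FROM dba_network_acls
 ORDER BY host;

-- 4. Remove the blanket grant once the results of steps 1 and 2 have been
--    reviewed. Objects that relied on the PUBLIC grant become invalid, so
--    grant the privilege back only to the owners that need it.
REVOKE EXECUTE ON SYS.UTL_TCP FROM PUBLIC;
-- GRANT EXECUTE ON SYS.UTL_TCP TO APP_OWNER;  -- APP_OWNER is a hypothetical account
```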
