Hacking the world’s most popular database

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
The Oracle database or Oracle sql, I kind of sound like a seal. Whether you're in it or trying to hack it, you've likely encountered this SQL database. It's everywhere. All the big companies use it. Netflix, LinkedIn, Cisco, Intel. It's an rd, B M S for the big boys, large enterprises with a lot of data. Now I think you need to know it. And yes, we did cut our teeth on databases with MySQL. In the first video we talked about, Hey, what are databases? And we built one ourselves. It was kind of cool. But now we're going to graduate. We're going to go corporate, take the red pill and get lost in the world of Oracle databases. Because if you want to work for or hack for the biggest companies, you got to know what they use and it is a bit different. So in this video, I'm going to show you how to build your very own Oracle SQL database and not just any database. The new fancy just released 23 C with some insane features. We'll talk about that here in a bit. And then after we build that database, I'm going to show you how an ethical hacker might come at an Oracle database. And I do need to say this disclaimer, actually two disclaimers. First one, I'm showing you real stuff, real hacking things. Don't hack anyone without permission, explicit permission. And number two, the Oracle database will only be hackable because we're making it hackable. We're intentionally making it secure with our bag configuration. The database itself is not inherently insecure. And speaking of Oracle, thank you to Oracle for sponsoring this video and making their 23 C free. Free. That's what it's called. I had to say free twice. They released it for free to developers, which can be anybody like you. You don't have to be a developer. You can still use it if you're a person. And 23 C is honestly kind of nuts. It's starting to blend the lines between relational databases and NoSQL relational. You'll see what I mean. And also in this video, I'm barely scratching the surface. Maybe I'm scratching it or rubbing the surface on the features of 23 C. It's kind of nuts. So if you do want to learn more, O C W is happening soon. Oracle cloud world, which is kind of hard to say. Oracle Cloud world. Got it. It's September 18th through 21st in Las Vegas. This is your chance to learn the future of databases. Like 23 things you'll love about 23 C. I see what they did there or auto rest with J ss o M. Relational duality views in Oracle databases. That's nuts, trust me. Or you can become a Jedi, but only if you go to Oracle Cloud World, you heard it first here, Jedi. That's what's happening. That's the takeaway here. So here we go. Part one, setting up the Oracle database. I hope you have your coffee ready because Oracle sql, it's different compared to MySQL. This has meant for large companies with lots of data and it will be a bit more complex, not crazy, just different. So let's get Java installed. Come on. I had to do it. Oracle owns Java. It's my one chance and let's set up an Oracle database. Now this will only take about five minutes and you don't need much because we're using my favorite tool in the whole world. Really it is Docker. We'll deploy the Oracle database 23 C free as a docker container on whatever computer you have. And if you don't know what Docker is, that's fine. I'm going to walk you through it, how to install it, and if you want to dive deeper, I do have a video on Docker somewhere around here and you should watch it because Docker is amazing. But anyways, if you have Windows, Linux or Mac, you're going to have a good time. I will cover the Docker install on Linux and Mac. Windows will be a bit more involved. I'm not going to cover that here. Just know you'll probably need WSL two and optionally, you might want to have Docker desktop. I'll probably make a video about that soon. Now Docker isn't the only option. They do have a virtual box image. You can use pod man if you want to and you can install it locally. Oracle Linux, red Hat or Windows. But again, we're doing Docker because Docker is amazing. Here. I'll be using Ubuntu desktop on a virtual machine here on my Windows computer. First thing we'll do is launch our terminal and zoom that in because it's so stink and tidy. Okay, there we go. Our first step is to install Docker, but first we'll update our repositories. Pseudo a p t update, just pseudo password in and let it fly. With our repositories updated, we'll now install Docker. Super easy, watch this pseudo a p t install. docker.io will do a dash y at the end so it doesn't bother us. Ready, set, go. Should be fairly quick and we're done. Now we're only one command away from installing an Oracle database right here, like it'll be up and running. Check this out. I have this command below. You just have to copy and paste it. Now for those of you who are curious, here's what's happening. We're using Docker to run a container. That's the command you'll use to actually launch one. We're using a few switches to make it be awesome. We're naming it the Oracle of course, and with this dash e parameter, we're feeding in the default password for our SIS user. We'll talk more about that here in a bit. We're then specifying port 1521. That's the common port that Oracle databases will use for their listener. And then we're specifying the container image that we're pulling from the Oracle Container Registry. That's the command. Let's go ahead and launch it. Ready, set, go. Now what you'll notice is that this might take just a little bit because it's big, not too big, but it'll probably be around nine gigabytes and it's big because it's awesome. So depending on your internet speed, it could take just a minute. Take a little coffee break, come back. I'll be here Now while you're waiting, sitting there with nothing to do. Have you hacked the YouTube algorithm today? Let's make sure you do hit that like button notification, bell comment, subscribe. You got to hack YouTube today ethically, of course. Oh cool. Mine is done. When it looks like this, you are solid one command to verify and make sure it's healthy. We'll type in pseudo docker, pss, and there it is right there, just sitting there hanging out an entire Oracle database. Let's play with it. And what we're actually going to do is we're going to jump into the docker container, jump inside, watch this one command pseudo docker exec. We'll do a switch, dash it. We'll specify our container name, which was the Oracle, and we'll jump into bash. Ready, set, go. Boom. Did you see this? Your terminal should have changed from your default machine to a new system here. That's pretty fun because now we're rocking Oracle Linux. Now just to get our bearings, here's where we're at right now. We just jumped into a new server, a docker container running Oracle Linux eight on the server. Right now the Oracle SQL 23 C is running and that's where we want to be. We want to be inside Oracle sql. We want to access it. We want to connect to a database. Let's do that right now. One simple command, we're going to use something called SQL Plus because Oracle has to be different, but seriously, SQL Plus is what you use to interact with an Oracle database via the command line. It's already installed here on the Oracle Linux box, but normally you'd have to install this on your Windows machine, Linux Mac machine to access an Oracle database. And now we'll log in. It'll look like this. First we'll specify our username, which will be sis, it's like system admin, but how the cool kids say it, we'll do a forward slash, that was a lame joke. I'm sorry. We'll do a forward slash and then the password. Now ours was super secure. Remember it was password and then we'll specify the server. We'll do it at and because the server just lives right here on this machine, on this docker container, we'll just type in local host just like that. But we're not done hit a space. We're going to be logging in with a special account as the system database administrator. So we have to specify this as sis, D B A, just like that. Oh, I forgot one thing actually right here after local host, after the server name, we want to specify our port. So we'll do a colon 1521. That should be it. Ready, set, go. Boom, we're inside Oracle sql. Notice our command line changed sql. I just realized this is my second SQL video, so this is the sequel. Sorry, I had six kids. If you don't expect any dad jokes, please stay here. I'm sorry. So we're in, but now what do we do? Well, if you recall from our previous sequel video, not the sequel, the first one, sorry, we learned about databases. What they are, they're essentially giant Excel spreadsheets that run the world. And on MySQL, you might type in something like show databases with a semicolon at the end to tell it You're done to see the databases doesn't happen here. SQL Plus does use the SQL query language. I'm sorry, structured query language, but it does have its own syntax and flavor. I told you it was different. And actually how Oracle databases, view databases is very different from MySQL. They call their databases schemas, which is tied to a user. This will make more sense here in a second, but just know it's different. I keep illustrating that. Now let's try two commands. Type this with me. The first one we'll do is show and you can capitalize this like I'm doing here. You don't have to, but it might be a good habit. We'll do show concore name and then it does use the semicolon to signify you're done with your command. Just like MySQL it enter, it's going to show us something. What is that? I'm not going to tell you yet. Let's do another one. Show P D B S head enter. What is that? I'll explain. This is part of what makes Oracle bigger. And when I say bigger, I mean multi-tenant architecture. So this first command show con name, which stands for show container name, it gave us this C D B dollar sign route. Now this right here is what makes Oracle databases kind of insane because they kind of act like virtual machines. So I want you to imagine the c d B route, which is a container, that's what C D B for container database. It's the root container. And while not a perfect analogy, just kind of picture it like the main computer, the physical computer that will be running virtual machines inside of it and the virtual machines are going to be the P D B and it's a weird name. It stands for pluggable databases. And these are their own little databases. They are separate, similar to a virtual machine or a docker container. They have their own separate namespaces, they have their own users, their own table spaces, data files and schemas. Essentially all the things that make up what an Oracle database is doing, they have their own situation going on now that's kind of awesome. And what's even more awesome is that they're called pluggable and the name means exactly what they can do. You can unplug them from that root container and plug them in somewhere else to another root container. You can move 'em around C, B, D, no, C, D, B. That's a dangerous game. So I know that was a lot right out of the gate. I said all that because I want you to know that you are here or we are here. Kind of like those maps in the airport. They tell you, Hey, bam, you're here. This is where we are. We're inside the root container. And when I did the show con name, it told me that C D B U root. Our next step is we want to create our own pluggable database, our own separate section, and that's what we're going to do. We're going to create our own and it's inside that pluggable database that will start to create our tables and do some really fun stuff. And I know that was a bit weird. It's like you didn't probably didn't see that coming first out of the gate like C D B P D B, but it's also kind of powerful. I told you they're different. And by the way, I didn't mention this. You can see we have one pluggable database right here, the free PD B one that we could jump into and play with. But I want to create our own and we also have the P D B seed, which is kind of like a template for a pluggable database. You can reference that when you make one. Okay, let's create our own pluggable database. The command will be create, and by the way, I'll have all these commands below, so if you want to copy and paste, go for it. It'll be create pluggable database. Well then name it, I'll call mine and you should do the same. The matrix, just like that. We'll then specify an admin user. So we'll type in admin and then user and then the username. It could be anybody. Let's just say, I dunno, Neo. And then after that they do a weird thing where they make us put on the password like this watch. Instead of saying Here's the password we say identified by and let me type it in. All caps identified by and then it's the password. It's kind of weird. What are you going to do? So identified by and we'll just say Trinity 1, 2, 3. I feel like he would do that. Now we're almost there. What we can actually do right now without putting a semicolon, just hit enter and we can go on a separate line. That's kind of nice, right? We have some room we can see. One more thing we have to do. It'll be one parameter. We'll say create underscore file underscore destination or desk and have that equal where we're going to put this P D b, where it's going to live. We'll just say we'll do this. We'll do a opening single quote to slash home slash Oracle and then a closing single quote. So quick recap, they're creating that was a terrible arrow, a pluggable database. We're calling it the matrix. We created an admin user named Neo with a password of Trinity. 1, 2, 3, and we're going to put it here in our home directory for Oracle. We're going to add in our semicolon at the end. Let's create a pluggable database. Ready, set, go. What? Okay, took a little bit. Okay, we have one now let's do a show. PDBs. There it is, the matrix. It's here. Sorry. Get a little too jazz. Actually, I probably need more coffee. I'll be right back. Okay, coffee's brewing. Now I know you want to get plugged into the matrix. Oh, our pluggable database is the matrix. I didn't even connect those until just now. That just happened. Anyways, we have to open it before we can get into it. So one command you'll understand we're going to see alter pluggable database. We'll specify the matrix and then we're after that say open. It's going to altered. I thought I was going to say open. It's ready. Now from this point on, I want to be Neo because haven't we all wanted to be Neo? Yes, the answer is yes. So we're going to actually jump out of our current container and then connect back in, plug back into the matrix as Neo, we're going to get dialed in phone booth and everything because we're the one, but hold up, my coffee's ready. I'll be right back, Man. That smells good. Okay, I'm ready to go. But real quick, before we actually can jump in as Neo, we want to give Neo some more permissions. We want to make him more powerful. We want to train him and Kungfu. Let's give him kung fu. So many matrix analogies. That's kind of our thing, right? The matrix, everybody loves it. Everyone voted, they said yes. Now a couple of things on users to try to see one right Now real quick, we're going to do select, do this with me. Select username from, and we're actually doing a select statement on a table here in our database, the container route. Select username from D V A users and we'll order by username. Now we got a lot. We're just going to scroll up, but I want you to look for a particular user. Look for Neo. Do you see him? No, you don't. As I mentioned earlier, these PDBs, they are kind of like their own thing, their own little database room with their own users, their own schema, their own stuff. Neo was created in that alternate universe. It's kind of like an alternate universe. Let's just go with that. That's where Neo lives. Now, by the way, if we wanted to create a user right here, we'd say create user Bob identified by his password. Oh, I forgot. It's weird. We're in the root. We have to do weird things like add c pound pound in front of Bob's name. Okay, we created a user. If we do that same select statements, select username from D V A users. We just see somewhere in here, Bob, there's Bob. Say Hi Bob. But again, Neo's not here and we do need to give him permissions. We would want to do things like granting him, create session, create session to Neo. That's how we do it. Neo doesn't exist. We are Morpheus. We're going to jump out of this container, out of this database and then jump into the matrix as the system admin. So check it out From here we're going to type in exit route. Now we're going to jump back into our database. By this time we're going to do something a little bit different. We're going to do SQL plus. We'll specify our username, sis slash password, our password. We'll still do at local host colon port 1521. Here's the difference right here. We're going to specify a pluggable database. We'll say the matrix and we'll jump in there as cis D B a. Ready set. We're in the matrix. How do we know? Well, if we do show con name, there's a container name. Before we were in c d B root, now we're in, you guessed it, the matrix. And if we select our usernames, I bet you a box of donuts. Nia will be there. Let's scroll up and see there's the one. There he is. Now let's give him some permission. There's three things we want to give him right now. We want to grant him the ability to create sessions, create sessions. Now, he may already have these permissions. I'm not sure what the defaults are, but this is what you want to do to a normal user to let them do stuff. Grant, create session to Neo grant succeeded. Do the same thing for create table, and then whatever table he creates, we want him to be able to add anything he wants to it. So we have to grant him unlimited table space. So we'll grant unlimited table space. Bam, that should be all that he needs. So now we're going to become Neo. Let's type in exit to get out of there. No longer assist dba. We're the one. Hello Mr. Anderson. Let's get into the matrix. We're going to type in SQL Plus. This time we're going to say where NEO slash our password. Trinity 1, 2, 3 at local host 1521 slash the Matrix. No SY dba. We're a user. Let's do this. So we're Neo, we're in the matrix. There's only one thing left for us to do. Let's create a table. That's what makes up a database, right? It's the table. So that contain the data. Let's create one. This is where things will start to feel very similar across the board and whatever sequel you're dealing with, the command will be create table. As you might expect. We'll name it. We're going to call this one Red Pill db. And then right after that we'll define the columns in this table. We'll an opening parentheses we'll enter to give us some space and we can start to type these out. On each line we'll do an id, so we'll do M id and this will be a number. So we're going to define the type as an integer, and then we'll do a comma and we'll do a name. We'll say the field is name, and this will be a string like Neo or Agent Smith. And we'll call this Var Carr variable character two. And then we can tell it How many characters do you use? We'll say you can use 50. That's what you'll commonly see across documentation. Now we're going to keep putting commas after this until we're done. We'll then do real name. Same deal here. It'll be a string roll. And then finally, ability a lot of strings here. And because it's our last entry, we're not going to put a comma saying no. Comma means we're done with our list. What an enter, and we'll do a closing parentheses and then a semicolon to close it out. This is creating our first table and all of our fields and an Oracle database. Id name, real name, role, and ability. Ready? Let's do this at enter table created. Now, before we add stuff to it, put in data inside the table. Let's look at our table. Let's describe it. We'll type in D E SS C or describe Red Pill db. There it is. Now again, if you watch my first SQL video, things will start to feel very similar to any other SQL like MySQL. When we insert data into this table, it's going to feel the same. So we'll do insert and two and we'll say what table we're going to insert into. This will be Red Pill db, and then we'll specify our values and we'll put these inside parentheses. And as long as we go in order of each column, it'll fill in perfectly. So first we'll just do one. It's a number integer. We'll then do a string. We'll do a single quote here, sign Neo. And in case you can't tell, this'll be a list of matrix characters. That's his name. We'll do his real name. Thomas Anderson. His role, well, he's the one. His ability very clearly. It's bullet dodging, and that's a wrap. We'll close it out the closing parentheses and we'll end it with a semicolon. Adding our first bit of data. Ready, set, go. One row created, and if for Oracle database, we're going to type in commit to make sure our data rests nice and snug. We're like tucking in into bed. Now again, in warm fuzzy feelings, the select statements are pretty much the same. We're going to select, we'll say everything from our database to look inside of it or from our table rather. That's going to show us everything. If you just want to select one field, say name from Red Pill db, give us the name. Now let's add some more data. Now I've got it all below so you can copy and paste. I want to copy and paste right now because I don't want to sit here and type this forever and make this video even longer than it should be. Cool. I got a lot more data. I'm going to commit that data. I'm going to select all the names from Red Pill db. There they are and broken record. Again, we're dealing with the same kind of stuff. Deja vu, black Cat. We can select real name from Red Pill DB, where name equals neo. So really powerful stuff. All the powerful things that make sequel amazing. And frankly, I don't want Agent Smith here. It makes you uncomfortable. Let's drop him or no, we're not going to drop. That'll destroy all of 'em. We want to delete him. We'll delete from Red Pill db, where name equals Agent Smith. That'll find in the column the name Agent Smith. Take him out and we should see that he's gone. Nothing there, honestly, I kind of miss him. I'm going to add him back. He's back. We'll commit our changes here. Now, before we try to hack this database, there's one more concept about the architecture of Oracle databases that I want to make sure you got. So we covered that. We have the container, the container root rather and plugged into him. We created our P D B, our Pluggable database, the Matrix, and our Pluggable DBU is also are our database. Now, when we created that pluggable database, we also created our user Neo. But at the same time, and we didn't see this happening, something else happened. Something else was created a schema. Whenever a user is created on the system, it'll also have a schema of the same name created along with them. They're tied to that schema. They own it, it's theirs. Now what's a schema? It's a logical container for database objects. So think tables, views, indexes, store procedures, things that you will create. So that table we just created, red Pill db, it's contained in that schema. Now I say all that because what if we want to see a list of our tables? Well, in SQL databases like MySQL, you would say just show tables. But in Oracle it works a bit differently. The tables are tied to a schema, they're contained in a schema, and that schema is tied to a user. So if I want to see a list of tables, I have to either look at every single table on a certain database. So I would say select table name from D B A tables, but this shouldn't work for me. I don't have access to all tables, but I can view the current tables that I have access to in my database in my schema, I'll do select table name from user tables, and I should see a list of every table and this pluggable database that I have access to. And it's the one I created. If I were a admin or a system admin and I had access to all tables and I only wanted to see tables from a certain schema. So Neo, I would say select table name from user tables where owner equals Neo. Oh my bad, it's user not owner. I'm thinking of another command. So yeah, it is where a user equals neo and that is the user, the schema that owns that table, all the views and store procedures that surround that. Now, that was a lot, but I hope it gave you just a small glimpse to the world of Oracle sql. It's a bit different. Certainly is, and you should be familiar with it because I've seen this a ton in my IT career. Oracle databases are everywhere. Now, before we try to hack the SQL database, I want to show you one of the new features that comes to 23 C free and that's called J ss o n duality, which as a term, just hearing that it sounds cool, but it's also kind of a lot to unpack and will best be explained by a fun example. Check this out. So I just created two more tables to demonstrate J S O N duality. So I still have Red Pill DB containing all my matrix characters, which are now customers because I just created a whole database containing network. Chuck Coffee. If I select everything from these tables or from network Chuck Coffee, you'll see a lot of stuff. Now specifically I want to show you one thing that's really cool about databases. I'm going to select just the description for my coffee and notice something about this. This is in J ss o restoring J S O N. A bunch of data key value pairs inside one field and sql. This has been around for a minute, but the way we treat this data is changing right now with 23 c and j ss o n duality. Well, J ss o's important because it's so easy to work with. With our programs, developers often prefer to use jss O when working with data. So I also created one more database. We have the matrix characters, our customers, our coffee and our network coffee database, and we also have a customer orders database and there's all the customer orders. So now we're going to do something kind of crazy. We're going to create what's called a J SS o n duality view. And here's the stuff I'm about to paste. I'm going to show you my editor so it's easier to see. But essentially here I'm joining two tables together, network check, coffee and customer orders and Creating a View. But it's all going to be in J SS O, which seems like, okay, Chuck, whatever. No, check this out. So I'm going to create it view created. So with that view set up, we can do basic select statements. So here I'm looking at the coffee DV or the J S O duality view and pulling the name from that table of all the coffees, keeping in mind, it's all still in JSS O I want to pull all the data. It would look like this, which is perfect for programmers, right? Well check this out. I've got this view created with J ss O. What do you say? We add something to the table, the underlying tables. Let's add a new coffee. I already did it. We added a new coffee into network. Chuck Coffee. It's the Chuck Blend, Columbia Medium, all that stuff, it's there. What's really cool is that my duality view, watch this. I'll just select the names. Oh wait, lemme try it again. There we go. My duality view auto updated. It reflected the underlying table change. That's a huge deal. Do you want to see something crazier? Watch this. I can also with this command insert a J ss o n document, pure J ss o n, straight into the view. That's also pure J ss o n. So we're just dealing with JS O at this point, right into coffee dv. Here's all my new coffee. Insert it in there. I'll commit that change. And let's look at the underlying table. I think there's extra stuff left in from previous commands. Lemme try it again here. I kept adding an asterisk. Too much coffee, I'm missing stuff. But check that out. I inserted a J ss o n document into the view the j ss o n view, and it changed the underlying tables. That's crazy. What you're seeing is a switch back and forth between using just regular relational SQL and J ss o N interchangeably. That's massive. We're able to kind of treat unstructured data and structured data in the same way. Kind of blurring the lines between no SQL and sql. It's really strange and really awesome. 23 C is changing the game a little bit. And by the way, if you want to try this example yourself, I'll put all the documentation below. It's really fun and I'll give you all of these statements and code for my example. Now let's see if we can hack a SQL database, a Oracle SQL database. Now I'm going to skew this little window over to the side here. Now there are a number of tools we can use to hack Oracle SQL databases, but one I found that was pretty fun is called O dt. OAT tool is amazing. That just came to my mind. Normally you could install this on Linux just straight on. But you know what I like to use? I like to use Docker. So we're going to run a as a docker container, it'll make things more fun. So I'll go and launch a new terminal window here and zoom in a lot because that's ridiculous. And we're going to run the sucker with one command. We're going to do pseudo. We'll paste in this command docker run. We're doing a dash dash RM so it'll delete itself when we're done with it, when we get out of it and that IT command is going to throw us right in there. The IT switch right into bash. Ready, set. Oh wait, pseudo password. It's going to download the container image shouldn't take too long. Okay, it's done. And notice that we are in a completely different world right now. We are root in this. Woohoo. I think it's our container id. Who am I? I'm root. Now. Odat does a lot of cool things. It helps with everything from enumerating, an Oracle database to trying to break into it. Now enumerating, let's talk about that when we're trying to hack what we might suspect is an Oracle database. We want to find a server and see if it has a T n S listener. And again, normally it's going to be at port 1521. This is how other systems will make connections with this database to interact with it and do stuff. We're going to of course use that for nefarious purposes. So o DT has a module that we're going to use real quick to see if we can find a service. Now we already know it's there, but we're going to try it out. Now real quick, we're using two docker containers, two little virtual computers on our system. We have one here, I have one over here. Each of these will have their own little internal IP address and this Docker network. Now to have fun here, we want to find out what IP addresses those are. Now, normally they're pretty much the same across the board, but let's just double check. So what we'll do is we'll launch another terminal, just another window here, up close and personal. And we're going to do a pseudo docker network. Docker networking is so fun. I got a video up here for it. Bridge Inspect. The bridge is the default network that these containers will connect to. Oh wait, I got to backwards. It's Docker network, inspect bridge. There we go. Here it'll list our containers and their respective IP addresses. Notice the Oracle database. The Oracle, it's on 1 7 2 17 0 2. The elastic ride, which is our o dt, is on dot three. So remember that Yours will probably be the exact same if you're using default docker settings. So let's play. The first thing we'll do is jump into another directory. We'll use CD slash root slash oat. We're there. Now let's make sure things are working. So we'll do Python three oat pi and we'll do a dash H to see if we can reach their help file and make sure things good. Cool, we're good. If you see all that helpful stuff, we're solid. Now time to see if the T N SS listener is listening. So now that we know what works, we're going to type in Python three ODA pi and we'll use one of the modules called T N S cmd. We'll do a dash s and specify the server. We know the server IP address. It's 1 7 2 point 17 0.2. Now by the way, this is again underscores the power of docker. We just created a little hacking environment, right? That's so neat. Let's turn into a hacking environment video. I love that we specified our server lend to our port with dash and we'll say 1521 and we'll do a dash dash ping just to see like, okay, is it listening? Is it there? Apparently it's we got an A DSS received, it's up. Cool, so we know we're in the right place, but now what? Now we got to figure out who is ssid. SSID is these identifier. Each Oracle container will have its own SSID or session identifier. We need to know this in order to try and connect to it to try and hack it. And that's the first step. Now here we are going to kind of cheat a little bit. An easy way to check it on SQL Plus is to do select everything from the global name database. Now you might go, cool, our container, the SSID is the matrix. That's easy, but it's not. You see our container here is A P D B A pluggable database. The pluggable database doesn't have a ssid. It actually shares the SSID with the root container. So let's try this. We're going to back out, get out of there, and we're going to log in to the root container as css, D B A once more and we're going to do that same command. Show everything from global. I said show. I'm losing it. There we go. Now there that is the SSID bar, C, D, B, route free. So as a hacker, we would want to find this. What is the sid? We got to get that so we know it. But let's get into the hacker mode. How would a hacker figure that out if you didn't already know it? Well, brute force. Watch what we're going to do. It's fun. Over here on O dat, we're going to use another module. Python three O dat pi. This one is called Sid Guesser and he guesses what that does. Then we'll specify our server one 17 or 1 7 2 17 0 2. Now I'll see what happens when I do that. I forget what it does. Okay, cool. So it tried it already had a list of SSIDs, common sids, and it tried those to see if it could connect nothing. Let's see if we can find that list. CD docs. Is it here? No. It need some resources. Oh yeah, it's some resources. Let's see what's in that list right now. Txt. Let's cat that. So it actually looked through all these sits, what could be in there, but I bet you that free isn't there. Yep, it's not there. So now what we can do real quick, just because we know we know, let's add free to that list. Now this doesn't have a text editor built in, so let's install it real quick. We'll do AP PT install nano should be very fast. Got it. Now let's open up sids. Nano sids, T X T. We're just going to add free somewhere random. Let's go like control. Let's just put it like right here. Control x, Y, enter to save. Let's back out to our home directory here. Odat not home, just o dat. And we'll run that command once more. Ready, set, go. We should get a different thing here. Oh, see it immediately found that free is a valid ssid and if we had that list properly populated, we would've found that. So cool. We identified the ssid. Now what? Well now we try and guess a login. And again, this is going to be like brute force think Hydra or John the Ripper. We're going to try and brute force our connection by guessing a bunch of usernames and a bunch of passwords. Here's the command. Python three odat pi. This one will be password guesser. I mean you saw it coming right now. This particular module does require you to know the sid, otherwise it's going to be hitting nothing. So we'll first specify the server dash SS 1 72 17 0 0.2. Then we'll do a dash P for the port 1521, and then we'll do a dash D for the sid, which is free. Now that should be it. It has the default list of passwords that might guess. Let's try it out. 1, 2, 3, go. It's going, but just think about this right now. It's slowly going, but it's like it's hitting it with a bunch of username and passwords. The spoiler, I know that SIS and free aren't going to be in there. So let's go ahead and stop this. Let's go find that password file it was using, I think it was in logins. I'll go to logins. That's not it. Oh yeah, it's account. So CD accounts. I believe it's by default doing account small, so we'll, nano accounts small and it's got a few username and passwords here. Let's put ours at the very close to the very top so it's not taking too long. We'll put it like right here. Sis. Password, just like that. So this is demonstrating because we're kind of cheating a little bit. This is demonstrating what it would do if it actually had the username and password present in that file. So let's back out one directory, run our command once more. It's already tested. A few accounts, we'll say, you know what? Continue whatever. Let's see, and it's going to run and we'll see what happens. Actually, you know what? I realize it's actually accounts txt. That's the default. So let's actually edit that real quick. I'm being silly, and we'll add that right here. Okay, cool. Now we're going to be rolling one more time. Bam. You see that it found valid credentials, sis and password. Now we could let it keep going and find more users, but we're happy with that. We know that is a system admin. That's the best thing you can find as a hacker. It's the worst thing for you as a company. Now at that point, the job is pretty much done, especially if you found system admin passwords because then you could use SQL Plus because you are ethical hacker and you know how to get into SQL databases because when you just learned that you would jump in there with those credentials and hack away, find out information if the account you had didn't have proper privileges. There are some other modules to try and do privilege escalation, but likely they won't work on a later edition like 23 C. It's super secure. And the only reason we were able to hack this is because we basically told the hacker the password and the ssid. Otherwise they would be kind of hard to find. That's Oracle databases, A very, very high level overview. We dived a little bit deep, did some fun stuff, hacked it a little bit, and learned about one of the most amazing features I've seen with databases. J ss o on duality. And by the way, if you want to learn more about 23 C and how to work with Oracle databases and have a killer career, should probably check out O W C, Oracle World or O C W, Oracle Cloud World. Yes, I think that's right. Again, happening September 18th through 20th. Don't want to miss that link below.
Info
Channel: NetworkChuck
Views: 140,004
Rating: undefined out of 5
Keywords: System, hacking, SQL, oracle, oracle database, build, SQL database, data, nosql, docker, windows, linux, mac, ubuntu, virtual machines, sql for beginners, oracle sql for beginners, oracle for beginners, hacking databases, hacking sql, hacking oracle databases
Id: qHe4mlhuNt4
Channel Id: undefined
Length: 35min 41sec (2141 seconds)
Published: Thu Sep 14 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.