The Oracle database or Oracle
sql, I kind of sound like a seal. Whether you're in it or trying to hack it, you've likely encountered this
SQL database. It's everywhere. All the big companies use it. Netflix,
LinkedIn, Cisco, Intel. It's an rd, B M S for the big boys, large
enterprises with a lot of data. Now I think you need to know it. And yes, we did cut our teeth on
databases with MySQL. In the first video we talked
about, Hey, what are databases? And we built one ourselves.
It was kind of cool. But now we're going to graduate.
We're going to go corporate, take the red pill and get lost
in the world of Oracle databases. Because if you want to work for
or hack for the biggest companies, you got to know what they use and it
is a bit different. So in this video, I'm going to show you how to build your
very own Oracle SQL database and not just any database. The new fancy just released 23
C with some insane features. We'll talk about that here in a bit.
And then after we build that database, I'm going to show you how an ethical
hacker might come at an Oracle database. And I do need to say this disclaimer,
actually two disclaimers. First one, I'm showing you real
stuff, real hacking things. Don't hack anyone without permission,
explicit permission. And number two, the Oracle database will only be hackable
because we're making it hackable. We're intentionally making it
secure with our bag configuration. The database itself is not inherently
insecure. And speaking of Oracle, thank you to Oracle for sponsoring this
video and making their 23 C free. Free. That's what it's called.
I had to say free twice. They released it for free to developers,
which can be anybody like you. You don't have to be a developer. You
can still use it if you're a person. And 23 C is honestly kind of nuts. It's starting to blend the lines
between relational databases and NoSQL relational. You'll see what I
mean. And also in this video, I'm barely scratching the surface. Maybe I'm scratching it or rubbing
the surface on the features of 23 C. It's kind of nuts. So if you do want
to learn more, O C W is happening soon. Oracle cloud world, which is kind of
hard to say. Oracle Cloud world. Got it. It's September 18th
through 21st in Las Vegas. This is your chance to learn
the future of databases. Like 23 things you'll love about 23 C. I see what they did there
or auto rest with J ss o M. Relational duality views in Oracle
databases. That's nuts, trust me. Or you can become a Jedi, but only
if you go to Oracle Cloud World, you heard it first here,
Jedi. That's what's happening. That's the takeaway here.
So here we go. Part one, setting up the Oracle database. I hope you have your coffee
ready because Oracle sql, it's different compared to MySQL. This has meant for large companies with
lots of data and it will be a bit more complex, not crazy, just different.
So let's get Java installed. Come on. I had to do it. Oracle owns Java. It's my one chance and let's
set up an Oracle database. Now this will only take about five minutes
and you don't need much because we're using my favorite tool in the
whole world. Really it is Docker. We'll deploy the Oracle database
23 C free as a docker container on whatever computer you have. And if you
don't know what Docker is, that's fine. I'm going to walk you through
it, how to install it, and if you want to dive deeper, I do have a video on Docker somewhere
around here and you should watch it because Docker is amazing. But anyways,
if you have Windows, Linux or Mac, you're going to have a good time. I will cover the Docker
install on Linux and Mac. Windows will be a bit more involved.
I'm not going to cover that here. Just know you'll probably
need WSL two and optionally, you might want to have Docker desktop. I'll probably make a video about that
soon. Now Docker isn't the only option. They do have a virtual box image. You can use pod man if you want to and
you can install it locally. Oracle Linux, red Hat or Windows. But again, we're
doing Docker because Docker is amazing. Here. I'll be using Ubuntu desktop on a virtual
machine here on my Windows computer. First thing we'll do is launch our
terminal and zoom that in because it's so stink and tidy. Okay, there we go.
Our first step is to install Docker, but first we'll update our
repositories. Pseudo a p t update, just pseudo password in and let it
fly. With our repositories updated, we'll now install Docker. Super easy,
watch this pseudo a p t install. docker.io will do a dash y at the end
so it doesn't bother us. Ready, set, go. Should be fairly quick and we're done. Now we're only one command away from
installing an Oracle database right here, like it'll be up and running. Check
this out. I have this command below. You just have to copy and paste it.
Now for those of you who are curious, here's what's happening. We're
using Docker to run a container. That's the command you'll
use to actually launch one. We're using a few switches
to make it be awesome. We're naming it the Oracle of course,
and with this dash e parameter, we're feeding in the default
password for our SIS user. We'll talk more about that here in a
bit. We're then specifying port 1521. That's the common port that Oracle
databases will use for their listener. And then we're specifying the container
image that we're pulling from the Oracle Container Registry. That's the command.
Let's go ahead and launch it. Ready, set, go. Now what you'll notice is that this
might take just a little bit because it's big, not too big, but it'll probably be around
nine gigabytes and it's
big because it's awesome. So depending on your internet
speed, it could take just a minute. Take a little coffee break,
come back. I'll be here Now while you're waiting,
sitting there with nothing to do. Have you hacked the
YouTube algorithm today? Let's make sure you do hit that like
button notification, bell comment, subscribe. You got to hack YouTube
today ethically, of course. Oh cool. Mine is done. When it looks like this, you are solid one command to
verify and make sure it's healthy. We'll type in pseudo docker,
pss, and there it is right there, just sitting there hanging out an entire
Oracle database. Let's play with it. And what we're actually going to do
is we're going to jump into the docker container, jump inside, watch this one command pseudo docker exec. We'll do a switch, dash it.
We'll specify our container name, which was the Oracle, and we'll
jump into bash. Ready, set, go. Boom. Did you see this? Your terminal should have changed from
your default machine to a new system here. That's pretty fun because
now we're rocking Oracle Linux. Now just to get our bearings,
here's where we're at right now. We just jumped into a new server, a docker container running
Oracle Linux eight on the server. Right now the Oracle SQL 23 C is
running and that's where we want to be. We want to be inside Oracle
sql. We want to access it. We want to connect to a database. Let's
do that right now. One simple command, we're going to use something called SQL
Plus because Oracle has to be different, but seriously, SQL Plus is what you use to interact
with an Oracle database via the command line. It's already installed
here on the Oracle Linux box, but normally you'd have to install
this on your Windows machine, Linux Mac machine to access an Oracle
database. And now we'll log in. It'll look like this. First we'll
specify our username, which will be sis, it's like system admin, but how the cool
kids say it, we'll do a forward slash, that was a lame joke. I'm sorry. We'll
do a forward slash and then the password. Now ours was super secure. Remember it was password and
then we'll specify the server. We'll do it at and because the server
just lives right here on this machine, on this docker container, we'll just
type in local host just like that. But we're not done hit a space. We're going to be logging in with a
special account as the system database administrator. So we have to
specify this as sis, D B A, just like that. Oh, I forgot one thing
actually right here after local host, after the server name, we want to specify
our port. So we'll do a colon 1521. That should be it. Ready, set,
go. Boom, we're inside Oracle sql. Notice our command line changed sql. I just realized this is my second
SQL video, so this is the sequel. Sorry, I had six kids. If you
don't expect any dad jokes, please stay here. I'm sorry. So we're in, but now what do we do? Well, if you
recall from our previous sequel video, not the sequel, the first one, sorry, we
learned about databases. What they are, they're essentially giant
Excel spreadsheets that run
the world. And on MySQL, you might type in something like show
databases with a semicolon at the end to tell it You're done to see the
databases doesn't happen here. SQL Plus does use the SQL
query language. I'm sorry, structured query language, but it
does have its own syntax and flavor. I told you it was different. And
actually how Oracle databases, view databases is very
different from MySQL. They call their databases
schemas, which is tied to a user. This will make more sense here in a
second, but just know it's different. I keep illustrating that. Now let's
try two commands. Type this with me. The first one we'll do is show and you
can capitalize this like I'm doing here. You don't have to, but
it might be a good habit. We'll do show concore name
and then it does use the semicolon to signify you're done with
your command. Just like MySQL it enter, it's going to show us something. What
is that? I'm not going to tell you yet. Let's do another one. Show P D B S head enter. What is that? I'll explain. This is
part of what makes Oracle bigger. And when I say bigger, I mean
multi-tenant architecture. So this first command show con name,
which stands for show container name, it gave us this C D B dollar sign route. Now this right here is what makes Oracle
databases kind of insane because they kind of act like virtual machines. So
I want you to imagine the c d B route, which is a container, that's what
C D B for container database. It's the root container. And
while not a perfect analogy, just kind of picture it
like the main computer, the physical computer that will be running
virtual machines inside of it and the virtual machines are going to be the P D B and it's a weird name. It
stands for pluggable databases. And these are their own little
databases. They are separate, similar to a virtual machine
or a docker container. They have their own separate
namespaces, they have their own users, their own table spaces,
data files and schemas. Essentially all the things that make
up what an Oracle database is doing, they have their own situation going
on now that's kind of awesome. And what's even more awesome
is that they're called
pluggable and the name means exactly what they can do. You can unplug them from
that root container and plug
them in somewhere else to another root container. You can move
'em around C, B, D, no, C, D, B. That's a dangerous game. So I know
that was a lot right out of the gate. I said all that because I want you to
know that you are here or we are here. Kind of like those maps in the airport.
They tell you, Hey, bam, you're here. This is where we are. We're
inside the root container. And when I did the show con name,
it told me that C D B U root. Our next step is we want to
create our own pluggable database, our own separate section, and
that's what we're going to do. We're going to create our own and it's
inside that pluggable database that will start to create our tables
and do some really fun stuff. And I know that was a bit weird. It's like you didn't probably didn't see
that coming first out of the gate like C D B P D B, but it's also kind of
powerful. I told you they're different. And by the way, I didn't mention this. You can see we have one
pluggable database right here, the free PD B one that we
could jump into and play with. But I want to create our own
and we also have the P D B seed, which is kind of like a template
for a pluggable database. You can reference that
when you make one. Okay, let's create our own pluggable
database. The command will be create, and by the way, I'll have
all these commands below, so if you want to copy and paste, go for
it. It'll be create pluggable database. Well then name it, I'll call mine and
you should do the same. The matrix, just like that. We'll then
specify an admin user. So we'll type in admin and then user and
then the username. It could be anybody. Let's just say, I dunno, Neo. And then after that they do a weird thing
where they make us put on the password like this watch. Instead of saying Here's the password
we say identified by and let me type it in. All caps identified
by and then it's the password. It's kind of weird. What
are you going to do? So identified by and we'll
just say Trinity 1, 2, 3. I feel like he would do
that. Now we're almost there. What we can actually do right
now without putting a semicolon, just hit enter and we can go on a
separate line. That's kind of nice, right? We have some room we can see.
One more thing we have to do. It'll be one parameter. We'll say create underscore file
underscore destination or desk and have that equal where
we're going to put this P D b, where it's going to live.
We'll just say we'll do this. We'll do a opening single quote to
slash home slash Oracle and then a closing single quote. So quick recap, they're creating that was a terrible
arrow, a pluggable database. We're calling it the matrix. We created an admin user named Neo
with a password of Trinity. 1, 2, 3, and we're going to put it here
in our home directory for Oracle. We're going to add in
our semicolon at the end. Let's create a pluggable database.
Ready, set, go. What? Okay, took a little bit. Okay, we have
one now let's do a show. PDBs. There it is, the matrix. It's
here. Sorry. Get a little too jazz. Actually, I probably need more
coffee. I'll be right back. Okay, coffee's brewing. Now I know you want
to get plugged into the matrix. Oh, our pluggable database is the matrix. I didn't even connect those until
just now. That just happened. Anyways, we have to open it before
we can get into it. So one command you'll understand we're
going to see alter pluggable database. We'll specify the matrix and
then we're after that say open. It's going to altered. I thought I was going to say open.
It's ready. Now from this point on, I want to be Neo because haven't
we all wanted to be Neo? Yes, the answer is yes. So we're going to actually jump out of
our current container and then connect back in, plug back into the matrix as Neo, we're going to get dialed in phone booth
and everything because we're the one, but hold up, my coffee's
ready. I'll be right back, Man. That smells good. Okay, I'm ready to go. But real quick,
before we actually can jump in as Neo, we want to give Neo some more permissions.
We want to make him more powerful. We want to train him and
Kungfu. Let's give him kung fu. So many matrix analogies. That's
kind of our thing, right? The matrix, everybody loves it. Everyone
voted, they said yes. Now a couple of things on users to
try to see one right Now real quick, we're going to do select, do this
with me. Select username from, and we're actually doing a select
statement on a table here in our database, the container route. Select username from D V
A users and we'll order by username. Now we got a lot.
We're just going to scroll up, but I want you to look for a particular
user. Look for Neo. Do you see him? No, you don't. As I mentioned
earlier, these PDBs, they are kind of like their own thing, their own little database room with
their own users, their own schema, their own stuff. Neo was created
in that alternate universe. It's kind of like an alternate
universe. Let's just go with that. That's where Neo lives. Now, by the way, if we wanted to create a user right here, we'd say create user Bob identified by his password. Oh, I forgot.
It's weird. We're in the root. We have to do weird things like add
c pound pound in front of Bob's name. Okay, we created a user. If we
do that same select statements, select username from D V A users.
We just see somewhere in here, Bob, there's Bob. Say Hi Bob. But again, Neo's not here and we do
need to give him permissions. We would want to do things like
granting him, create session, create session to Neo. That's
how we do it. Neo doesn't exist. We are Morpheus. We're going
to jump out of this container, out of this database and then jump
into the matrix as the system admin. So check it out From here we're
going to type in exit route. Now we're going to jump
back into our database. By this time we're going to do
something a little bit different. We're going to do SQL plus. We'll
specify our username, sis slash password, our password. We'll still do
at local host colon port 1521. Here's the difference right here. We're
going to specify a pluggable database. We'll say the matrix and we'll
jump in there as cis D B a. Ready set. We're in the
matrix. How do we know? Well, if we do show con name,
there's a container name. Before we were in c d B root, now
we're in, you guessed it, the matrix. And if we select our usernames, I bet
you a box of donuts. Nia will be there. Let's scroll up and see
there's the one. There he is. Now let's give him some permission. There's three things we
want to give him right now. We want to grant him the ability to
create sessions, create sessions. Now, he may already have these permissions.
I'm not sure what the defaults are, but this is what you want to do to a
normal user to let them do stuff. Grant, create session to Neo grant succeeded. Do the same thing for create table, and then whatever table he creates, we want him to be able to
add anything he wants to it. So we have to grant him
unlimited table space. So we'll grant unlimited table space.
Bam, that should be all that he needs. So now we're going to become Neo.
Let's type in exit to get out of there. No longer assist dba. We're
the one. Hello Mr. Anderson. Let's get into the matrix.
We're going to type in SQL Plus. This time we're going to say
where NEO slash our password. Trinity 1, 2, 3 at local host 1521 slash the Matrix. No SY dba. We're a user.
Let's do this. So we're Neo, we're in the matrix. There's
only one thing left for us to do. Let's create a table. That's what makes
up a database, right? It's the table. So that contain the
data. Let's create one. This is where things will start to
feel very similar across the board and whatever sequel you're dealing with,
the command will be create table. As you might expect. We'll name it.
We're going to call this one Red Pill db. And then right after that we'll
define the columns in this table. We'll an opening parentheses we'll enter
to give us some space and we can start to type these out. On
each line we'll do an id, so we'll do M id and
this will be a number. So we're going to define
the type as an integer, and then we'll do a comma and we'll do
a name. We'll say the field is name, and this will be a string
like Neo or Agent Smith. And we'll call this Var
Carr variable character two. And then we can tell it
How many characters do you use? We'll say you can use 50. That's what
you'll commonly see across documentation. Now we're going to keep putting
commas after this until we're done. We'll then do real name. Same
deal here. It'll be a string roll. And then finally, ability
a lot of strings here. And because it's our last entry, we're
not going to put a comma saying no. Comma means we're done with
our list. What an enter, and we'll do a closing parentheses
and then a semicolon to close it out. This is creating our first table and all
of our fields and an Oracle database. Id name, real name,
role, and ability. Ready? Let's do this at enter table created.
Now, before we add stuff to it, put in data inside the table. Let's
look at our table. Let's describe it. We'll type in D E SS C
or describe Red Pill db. There it is. Now again, if
you watch my first SQL video, things will start to feel very
similar to any other SQL like MySQL. When we insert data into this
table, it's going to feel the same. So we'll do insert and two and we'll say
what table we're going to insert into. This will be Red Pill db, and then we'll specify our values and
we'll put these inside parentheses. And as long as we go in order of
each column, it'll fill in perfectly. So first we'll just do one. It's a
number integer. We'll then do a string. We'll do a single quote here, sign
Neo. And in case you can't tell, this'll be a list of matrix characters.
That's his name. We'll do his real name. Thomas Anderson. His
role, well, he's the one. His ability very clearly.
It's bullet dodging, and that's a wrap. We'll close it out the closing parentheses
and we'll end it with a semicolon. Adding our first bit of data.
Ready, set, go. One row created, and if for Oracle database, we're going to type in commit to make
sure our data rests nice and snug. We're like tucking in into bed.
Now again, in warm fuzzy feelings, the select statements are pretty
much the same. We're going to select, we'll say everything from our database
to look inside of it or from our table rather. That's going
to show us everything. If you just want to select one field, say name from Red Pill
db, give us the name. Now let's add some more data. Now I've got it all below
so you can copy and paste. I want to copy and paste right now
because I don't want to sit here and type this forever and make this video
even longer than it should be. Cool. I got a lot more data. I'm
going to commit that data. I'm going to select all
the names from Red Pill db. There they are and broken record. Again, we're dealing with the same kind
of stuff. Deja vu, black Cat. We can select real name from Red Pill DB, where name equals neo. So really powerful stuff. All the
powerful things that make sequel amazing. And frankly, I don't want Agent Smith
here. It makes you uncomfortable. Let's drop him or no, we're not going
to drop. That'll destroy all of 'em. We want to delete him. We'll
delete from Red Pill db, where name equals Agent Smith. That'll find in the column
the name Agent Smith. Take him out and we should see that
he's gone. Nothing there, honestly, I kind of miss him. I'm going
to add him back. He's back. We'll commit our changes here. Now,
before we try to hack this database, there's one more concept
about the architecture of
Oracle databases that I want to make sure you got. So we covered
that. We have the container, the container root rather and plugged
into him. We created our P D B, our Pluggable database, the Matrix, and our Pluggable DBU is
also are our database. Now, when we created that pluggable
database, we also created our user Neo. But at the same time, and we didn't see
this happening, something else happened. Something else was created a schema.
Whenever a user is created on the system, it'll also have a schema of the
same name created along with them. They're tied to that schema. They own
it, it's theirs. Now what's a schema? It's a logical container for database
objects. So think tables, views, indexes, store procedures,
things that you will create. So that table we just created, red
Pill db, it's contained in that schema. Now I say all that because what if we
want to see a list of our tables? Well, in SQL databases like MySQL,
you would say just show tables. But in Oracle it works a bit differently.
The tables are tied to a schema, they're contained in a schema,
and that schema is tied to a user. So if I want to see a list of tables, I have to either look at every
single table on a certain database. So I would say select table
name from D B A tables, but this shouldn't work for me. I
don't have access to all tables, but I can view the current tables that
I have access to in my database in my schema, I'll do select
table name from user tables, and I should see a list of every table
and this pluggable database that I have access to. And it's the one I created. If I were a admin or a system admin and
I had access to all tables and I only wanted to see tables from
a certain schema. So Neo, I would say select table
name from user tables where owner equals Neo. Oh
my bad, it's user not owner. I'm thinking of another command. So yeah, it is where a user equals
neo and that is the user, the schema that owns that table, all the views and store procedures that
surround that. Now, that was a lot, but I hope it gave you just a small
glimpse to the world of Oracle sql. It's a bit different. Certainly is, and you should be familiar with it because
I've seen this a ton in my IT career. Oracle databases are everywhere. Now,
before we try to hack the SQL database, I want to show you one of the new features
that comes to 23 C free and that's called J ss o n duality, which as a
term, just hearing that it sounds cool, but it's also kind of a lot to unpack
and will best be explained by a fun example. Check this out. So I just created two more tables
to demonstrate J S O N duality. So I still have Red Pill DB
containing all my matrix characters, which are now customers because
I just created a whole database containing network. Chuck Coffee. If I select everything from these
tables or from network Chuck Coffee, you'll see a lot of stuff. Now specifically I want to show you
one thing that's really cool about databases. I'm going to select just the description
for my coffee and notice something about this. This is in J
ss o restoring J S O N. A bunch of data key value
pairs inside one field and sql. This has been around for a minute, but the way we treat this data is
changing right now with 23 c and j ss o n duality. Well, J ss o's important
because it's so easy to work with. With our programs, developers often prefer
to use jss O when working with data. So I also created one more database.
We have the matrix characters, our customers, our coffee and
our network coffee database, and we also have a
customer orders database and there's all the customer orders. So now we're going to do
something kind of crazy. We're going to create what's
called a J SS o n duality view. And here's the stuff I'm about to paste. I'm going to show you my
editor so it's easier to see. But essentially here I'm joining
two tables together, network check, coffee and customer orders
and Creating a View. But it's all going to be in J SS O, which
seems like, okay, Chuck, whatever. No, check this out. So I'm going
to create it view created. So with that view set up, we
can do basic select statements. So here I'm looking at the coffee DV or
the J S O duality view and pulling the name from that table of all
the coffees, keeping in mind, it's all still in JSS O I want to pull
all the data. It would look like this, which is perfect for programmers,
right? Well check this out. I've got this view created
with J ss O. What do you say? We add something to the table, the
underlying tables. Let's add a new coffee. I already did it. We added a new
coffee into network. Chuck Coffee. It's the Chuck Blend, Columbia
Medium, all that stuff, it's there. What's really cool is that
my duality view, watch this. I'll just select the names. Oh wait,
lemme try it again. There we go. My duality view auto updated. It
reflected the underlying table change. That's a huge deal. Do you want to
see something crazier? Watch this. I can also with this command insert
a J ss o n document, pure J ss o n, straight into the view.
That's also pure J ss o n. So we're just dealing with JS O at
this point, right into coffee dv. Here's all my new coffee. Insert it
in there. I'll commit that change. And let's look at the underlying table. I think there's extra stuff
left in from previous commands. Lemme try it again here. I kept
adding an asterisk. Too much coffee, I'm missing stuff. But check that out. I inserted a J ss o n document
into the view the j ss o n view, and it changed the underlying
tables. That's crazy. What you're seeing is a switch back
and forth between using just regular relational SQL and J ss o N
interchangeably. That's massive. We're able to kind of treat unstructured
data and structured data in the same way. Kind of blurring the
lines between no SQL and sql. It's really strange and really awesome.
23 C is changing the game a little bit. And by the way, if you want
to try this example yourself, I'll put all the documentation below. It's really fun and I'll give you all
of these statements and code for my example. Now let's see if
we can hack a SQL database, a Oracle SQL database. Now I'm going to skew this little
window over to the side here. Now there are a number of tools we
can use to hack Oracle SQL databases, but one I found that was pretty fun
is called O dt. OAT tool is amazing. That just came to my mind. Normally you could install
this on Linux just straight on. But you know what I like to
use? I like to use Docker. So we're going to run a as a docker
container, it'll make things more fun. So I'll go and launch a new terminal
window here and zoom in a lot because that's ridiculous. And we're going
to run the sucker with one command. We're going to do pseudo. We'll
paste in this command docker run. We're doing a dash dash RM so it'll
delete itself when we're done with it, when we get out of it and that IT command
is going to throw us right in there. The IT switch right into bash.
Ready, set. Oh wait, pseudo password. It's going to download the container
image shouldn't take too long. Okay, it's done. And notice that we are in a
completely different world right now. We are root in this. Woohoo.
I think it's our container id. Who am I? I'm root. Now. Odat
does a lot of cool things. It helps with everything from enumerating, an Oracle database to trying to
break into it. Now enumerating, let's talk about that when we're trying
to hack what we might suspect is an Oracle database. We want to find a server and
see if it has a T n S listener. And again, normally it's
going to be at port 1521. This is how other systems will make
connections with this database to interact with it and do stuff. We're going to of
course use that for nefarious purposes. So o DT has a module that we're going to
use real quick to see if we can find a service. Now we already know it's
there, but we're going to try it out. Now real quick, we're using
two docker containers, two little virtual computers on
our system. We have one here, I have one over here. Each of these will have their own little
internal IP address and this Docker network. Now to have fun here, we want
to find out what IP addresses those are. Now, normally they're pretty
much the same across the board, but let's just double check. So what
we'll do is we'll launch another terminal, just another window here,
up close and personal. And we're going to do a pseudo docker
network. Docker networking is so fun. I got a video up here
for it. Bridge Inspect. The bridge is the default network
that these containers will connect to. Oh wait, I got to backwards. It's Docker
network, inspect bridge. There we go. Here it'll list our containers
and their respective IP addresses. Notice the Oracle database. The
Oracle, it's on 1 7 2 17 0 2. The elastic ride, which is
our o dt, is on dot three. So remember that Yours will probably be
the exact same if you're using default docker settings. So let's play. The first thing we'll do is
jump into another directory. We'll use CD slash root
slash oat. We're there. Now let's make sure things are working. So we'll do Python three oat
pi and we'll do a dash H to see if we can reach their help file and
make sure things good. Cool, we're good. If you see all that
helpful stuff, we're solid. Now time to see if the T N
SS listener is listening. So now that we know what works, we're going to type in Python three
ODA pi and we'll use one of the modules called T N S cmd. We'll do a
dash s and specify the server. We know the server IP address. It's
1 7 2 point 17 0.2. Now by the way, this is again underscores
the power of docker. We just created a little hacking
environment, right? That's so neat. Let's turn into a hacking
environment video. I love that we specified our server
lend to our port with dash and we'll say 1521 and we'll do a dash dash
ping just to see like, okay, is it listening? Is it there? Apparently
it's we got an A DSS received, it's up. Cool, so we know we're in the
right place, but now what? Now we got to figure out who is
ssid. SSID is these identifier. Each Oracle container will have
its own SSID or session identifier. We need to know this in order to try
and connect to it to try and hack it. And that's the first step. Now here we
are going to kind of cheat a little bit. An easy way to check it on SQL Plus
is to do select everything from the global name database.
Now you might go, cool, our container, the SSID is the
matrix. That's easy, but it's not. You see our container here is
A P D B A pluggable database. The pluggable database
doesn't have a ssid. It actually shares the SSID
with the root container. So let's try this. We're going
to back out, get out of there, and we're going to log in to
the root container as css, D B A once more and we're
going to do that same command. Show everything from global. I said show. I'm losing it. There we go. Now
there that is the SSID bar, C, D, B, route free. So as a hacker,
we would want to find this. What is the sid? We got
to get that so we know it. But let's get into the hacker mode. How would a hacker figure that out
if you didn't already know it? Well, brute force. Watch what we're going
to do. It's fun. Over here on O dat, we're going to use another
module. Python three O dat pi. This one is called Sid Guesser
and he guesses what that does. Then we'll specify our server
one 17 or 1 7 2 17 0 2. Now I'll see what happens when I do
that. I forget what it does. Okay, cool. So it tried it already had a
list of SSIDs, common sids, and it tried those to see
if it could connect nothing. Let's see if we can find that
list. CD docs. Is it here? No. It need some resources. Oh
yeah, it's some resources. Let's see what's in that list
right now. Txt. Let's cat that. So it actually looked through all
these sits, what could be in there, but I bet you that free isn't
there. Yep, it's not there. So now what we can do real quick,
just because we know we know, let's add free to that list. Now this
doesn't have a text editor built in, so let's install it real quick. We'll do
AP PT install nano should be very fast. Got it. Now let's open up
sids. Nano sids, T X T. We're just going to add free somewhere
random. Let's go like control. Let's just put it like right
here. Control x, Y, enter to save. Let's back out to our home directory
here. Odat not home, just o dat. And we'll run that command
once more. Ready, set, go. We should get a different thing here. Oh, see it immediately found that free is
a valid ssid and if we had that list properly populated, we would've found
that. So cool. We identified the ssid. Now what? Well now we try
and guess a login. And again, this is going to be like brute force
think Hydra or John the Ripper. We're going to try and brute force
our connection by guessing a bunch of usernames and a bunch of
passwords. Here's the command. Python three odat pi. This one will be password guesser.
I mean you saw it coming right now. This particular module does
require you to know the sid, otherwise it's going
to be hitting nothing. So we'll first specify the
server dash SS 1 72 17 0 0.2. Then we'll do a
dash P for the port 1521, and then we'll do a dash D for the sid,
which is free. Now that should be it. It has the default list of passwords
that might guess. Let's try it out. 1, 2, 3, go. It's going, but just think
about this right now. It's slowly going, but it's like it's hitting it with
a bunch of username and passwords. The spoiler, I know that SIS and
free aren't going to be in there. So let's go ahead and stop this. Let's
go find that password file it was using, I think it was in logins. I'll go
to logins. That's not it. Oh yeah, it's account. So CD accounts. I believe
it's by default doing account small, so we'll, nano accounts small and it's
got a few username and passwords here. Let's put ours at the very close to the
very top so it's not taking too long. We'll put it like right here.
Sis. Password, just like that. So this is demonstrating because
we're kind of cheating a little bit. This is demonstrating what it would
do if it actually had the username and password present in that file.
So let's back out one directory, run our command once more. It's already
tested. A few accounts, we'll say, you know what? Continue
whatever. Let's see, and it's going to run and we'll see
what happens. Actually, you know what? I realize it's actually accounts
txt. That's the default. So let's actually edit that
real quick. I'm being silly, and we'll add that right here. Okay, cool. Now we're going to be
rolling one more time. Bam. You see that it found valid
credentials, sis and password. Now we could let it keep going and find
more users, but we're happy with that. We know that is a system admin. That's the best thing
you can find as a hacker. It's the worst thing for you as
a company. Now at that point, the job is pretty much done, especially if you found system admin
passwords because then you could use SQL Plus because you are ethical hacker and
you know how to get into SQL databases because when you just learned that
you would jump in there with those credentials and hack away, find out information if the account
you had didn't have proper privileges. There are some other modules to
try and do privilege escalation, but likely they won't work
on a later edition like 23 C. It's super secure. And the only reason we were able to hack
this is because we basically told the hacker the password and the
ssid. Otherwise they would
be kind of hard to find. That's Oracle databases, A
very, very high level overview. We dived a little bit deep, did some
fun stuff, hacked it a little bit, and learned about one of the most amazing
features I've seen with databases. J ss o on duality. And by the way, if you want to learn more about 23 C and
how to work with Oracle databases and have a killer career, should probably
check out O W C, Oracle World or O C W, Oracle Cloud World. Yes, I
think that's right. Again, happening September 18th through 20th.
Don't want to miss that link below.
