If you don't know neither the enemy
nor yourself, you will sucumb in every battle.
If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.
But if you know the enemy and know yourself you need not fear the result of a hundred battles.
The art of war (Sun Tzu)
We gave a presentation at Derbycon
2.0 in 2012 which details the following topics:
Below you can download PoC codes and our slides.
All of the codes should be considered as a proof of concept code and use
them at your own risk.
tnspoison metasploit module (the attack was discovered by Joxean Koret all credit goes to him)
pytnsproxy that supports tnspoison
oradebug metasploit modules
tdsproxy for hijacking MSSQL connections
ocioralog meterpreter extension
oralog meterpreter extension