If you know neither the enemy nor yourself, you will succumb in every battle.
If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.
But if you know the enemy and know yourself you need not fear the result of a hundred battles.
The Art of War (Sun Tzu)
Think differently about database hacking
We gave a presentation at Derbycon 2.0 in 2012 which details the following topics:
Below you can download the PoC code and our slides.
All of the code should be considered proof of concept; use it at your own risk.
tnspoison Metasploit module (the attack was discovered by Joxean Koret; all credit goes to him)
pytnsproxy that supports tnspoison
oradebug Metasploit modules
tdsproxy for hijacking MSSQL connections
ocioralog Meterpreter extension
oralog Meterpreter extension
The views, opinions and thoughts in this homepage are the views, opinions and thoughts of the writer of this homepage and do not represent the views, opinions or thoughts of any past or current employer of the writer or any other third person. The content is provided 'as is' without warranty of any kind. Use at your own responsibility. Laszlo may be contacted on firstname.lastname@example.org.