Metasploit Penetration Testing Framework
SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger.
This module will escalate a Oracle DB user to MDSYS by exploiting an sql injection bug in the MDSYS.SDO_TOPO_DROP_FTBL trigger. After that exploit escalate user to DBA using "CREATE ANY TRIGGER" privilege given to MDSYS user by creating evil trigger in system scheme (2-stage attack).
Rank
- Normal
Authors
- Sh2kerr < research[ad]dsec.ru >
References
Development
Similar Modules
- auxiliary/admin/oracle/ora_ntlm_stealer
- auxiliary/admin/oracle/oracle_login
- auxiliary/admin/oracle/oracle_sql
- auxiliary/admin/oracle/oraenum
- auxiliary/admin/oracle/osb_execqr
- auxiliary/admin/oracle/osb_execqr2
- auxiliary/admin/oracle/post_exploitation/win32exec
- auxiliary/admin/oracle/post_exploitation/win32upload
- auxiliary/admin/oracle/sid_brute
- auxiliary/admin/oracle/tnscmd
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/admin/oracle/droptable_trigger
msf auxiliary(droptable_trigger) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/admin/oracle/droptable_trigger
msf auxiliary(droptable_trigger) > run
Module Options
| FILENAME | The file name. (default: msf.sql) |
| OUTPUTPATH | The location of the file. (default: ./data/exploits/) |
| SQL | The SQL to execute. (default: GRANT DBA TO SCOTT) |
| USER | The current user. (default: SCOTT) |
| WORKSPACE | Specify the workspace for this module |
Metasploit Framework 3.3.3Copyright © 2003-2010 Rapid7 LLC