Description: https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-chris_gates-breaking_metasploit.pdf
https://www.defcon.org/images/defcon-17/dc-17-presentations/Chris_Gates/defcon-17-chris_gates-breaking_metasploit-wp.pdf
Over the years there have been tons of Oracle exploits, SQL Injection vulnerabilities, and post-exploitation tricks and tools that had no order, methodology, or standardization, mainly just random .sql files. Additionally, none of the publicly available pentest frameworks have the ability to leverage built-in package SQL Injection vulnerabilities for privilege escalation, data extraction, or getting operating system access. In this presentation we are going to present an Oracle Pentesting Methodology and give you all the tools to break the unbreakable Oracle as Metasploit auxiliary modules. We've created your version and SID enumeration modules, account bruteforcing modules, ported all the public (and not so public) Oracle SQL Injection vulnerabilities into SQLI modules (with IDS evasion examples for 10g/11g), modules for OS interaction, and modules for automating some of our post-exploitation tasks.
Tags: securitytube, defcon, def con, hacking, hackers, information security, convention, computer security, DC 17, defcon 17, dc-17
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.