Call (800) 766-1884 for Oracle support & training
Free Oracle Tips

Oracle Consulting Support
Oracle Upgrades
Use New Oracle Features
Oracle Replication Support
Oracle Training
Remote Oracle DBA
System Documentation
Oracle Tips
Oracle Performance
 

Free Oracle Tips


 
HTML Text

BC Oracle tuning

Oracle training

Oracle support

Remote Oracle

Redneck
 

 

A trick for bypassing Oracle security

 

Donald K. Burleson

 

One trick commonly used by UNIX hackers is to leverage the UNIX operating system to probe into the Oracle data blocks.  With some knowledge of UNIX and Oracle, the nasty hacker can use UNIX to verify the contents of Oracle data rows. 

This technique is also useful if a data corruption is causing a data file to go offline, or if Oracle data is suspect.  Let’s see how this is done. We start by running a SQL query to locate the ROWID of the data block that contains the row we want to investigate. Here we rely on the dbms_rowid package, and use the row_block_number procedure to return the data block corresponding to our desired row.

select
   dbms_rowid.rowid_block_number(rowid) block
from
   customer
where
   customer_name = ‘Burleson’;

BLOCK
-----
141

Here we see that the customer information for Burleson resides on the 141st block in the data file.  We can now go to UNIX and display the contents of this row. 

This is a great tool because we can display Oracle data even if the database is shut down.  Of course, hackers can also use these tools to bypass the security of the Oracle database, hacking directly into the Oracle data files.

To display block 141, we can use the UNIX dd command.  The dd command accepts a skip parameter that tells it how far into a file to travel. To get to block 141 we must allow for nine blocks in the datafile header.  We must also remember that the skip statement should take us to the block immediately before our data block.

Hence, our data block is on block 150 (141+9) and the skip parameter for block 141 will be:  141+9-1 = 149.  We also need to specify the blocksize for the dd command in the ibs parameter.

Once we run the UNIX dd command to read the Oracle data block, we can filter the output by piping it to the UNIX strings command to only show printable information. Here is the UNIX command and the output showing the displayable data inside the data block:

root> dd if=/u01/oradata/prod/customer.dbf \
      ibs=8192 skip=149 count=1|strings

1+0 records in
149+0 records out
Donald Burleson 3/35/56 1401 West Avenue

While this technique is most useful in emergency situation when you cannot start the Oracle database, it is important to understand how a UNIX hacker can bypass Oracle and read information directly from your Oracle database files.

If you like Oracle tuning, you might enjoy my latest book “Oracle Tuning: The Definitive Reference” by Rampant TechPress.  It’s only $41.95 (I don’t think it is right to charge a fortune for books!) and you can buy it right now at this link:

http://www.rampant-books.com/book_2003_1_oracle9i_sga.htm

 

”call






Oracle reference poster 




Rampant Oracle books