The Oracle Hacker's Handbook: Hacking and Defending Oracle

 The Oracle Hacker's Handbook (OHH) is a collection of techniques that could be used by an attacker to gain unauthorised access to an Oracle database server upto and including 10gR2. Most of these techniques are currently not public, so OHH is both new knowledge for an attacker and vital warning to those responsible for securing Oracle servers. In a nutshell the new attacks include how to gain the version number remotely, brute force usernames, gain passwords/hashes from the OS, attack the listener, escalate privilege internally through PLSQL Packages and Triggers both directly and indirectly as well as defeating VPD. These attacks are illustrated both directly and through application server. By using these techniques and by accessing the Oracle files directly through the OS an attacker would be able to gain DBA privileges on most secured servers. Additionally using the code examples included an attacker could gain password hashes and then the actual DBA clear text password from the network using the password decryption code included. This will work even with complex quoted passwords. This is the most effective public analysis of security vulnerabilities in Oracle products so far. OHH is a technical book and not really an introduction to the subject though it could be picked up reasonably quickly as the text avoids unnecessary jargon. The book could be enhanced by including more on defense strategies, such as, how to prepare and respond to an attack where the attacker has gained the clear text DBA password. OHH has a free download site for pre-written proof of concept code which will helps avoid unnecessary typing. From a general readability point of view the book is concise and to the point. The sections are logically laid out and the examples have worked when tested. I would recommend those involved in Oracle security to read this book as soon as they can. # 226 pages # Publisher: Wiley (January 30, 2007) # Sold by: Amazon Digital Services # ASIN: B000WN0M80 HAS BOTH PDF AND CHM INCLUDED http://rapidshare.com/files/86952707/Nlder__2_.rar