Open source security testers have released a free tool that simplifies and automates hacking of Oracle databases at the Black Hat conference in Las Vegas in July 2009. The Oracle database is popular with large corporations and governments for recording large volumes of online transactions. The hacking tool was developed in the open source Metasploit cooperative, which had hosted a seminar at the conference. According to the Metasploit website, students will learn how to create custom modules to solve specific tasks, launch widescale client-side attacks, operate a malicious wireless access point, generate custom backdoors, bypass intrusion prevention systems, and automate the post-exploitation process. The course shows how to use new features in the Metasploit softwre for penetration tests. In February security researcher and Metasploit co-developer Chris Gates, who runs the Carnal0wnage website, showed how to attack Oracle using Metasploit. A video of the attack (below) was posted on the Toolbox for IT blogs.
Attacking Oracle with the Metasploit Framework Shmoocon Firetalk Demo Video from carnal0wnage on Vimeo. Reuters reported that Oracle has released a patch that protects against Metasploit. However, many firms are lax about applying patches, opening their information to hackers. Metasploit has created other tools to hack other software programs, including Microsoft Windows, Apple’s OSX, Linux and Posix operating systems, as well as the Firefox and Internet Explorer browsers and applications such as Office and Adobe’s PDF applications. Meanwhile, Mandiant, another security firm, says it has developed a tool that can detect Metasploit attacks. It says Metasploit’s Meterpreter software lets developers write code in DLL files and execute everything in memory. This means nothing is written to disk where it might be detected. Testers and hackers can use Meterpreter to download and upload files, execute code, and open its own command shell. The new tool can tell if Meterpreter is still in memory, and, if so, which files Meterpreter has accessed, and whether it has changed a registry key.
