How To Change ASMSNMP Password (12c and 18c)

Today I was configuring a cluster in Cloud Control, and one of the steps is to configure access to the ASM part. This part uses the asmsnmp user, which is the one that must be configured. As in this case I did not know the password of this user, I opted to change it.

To make this password change we have two options:

#1 Connecting to the ASM instance and executing an ALTER USER

 
$ sqlplus / as sysasm
Alter user asmsnmp identified by xxxxxxx;

#2 From asmcmd, with the orapwusr command

 
ASMCMD> orapwusr --modify asmsnmp
Enter password: *********
ASMCMD>

HTH – Antonio NAVARRO

 


Crawler Network (Pl Sql)

In some free time, of which I have less and less, I have been writing a small spider (programmed in PL/SQL) that, once we have access to a database, launches a discovery process on the network where the machine hosting the database server is located. This code is intended as a PoC (Proof of Concept).

Basically, what I'm going to do is use a few packages that Oracle usually ships by default (this can vary by version). If I manage to execute them in the database, this will by default give me access to the network where the database server is, and let me make a discovery of machines / servers in that piece of network. It would be similar to using nmap (for example, nmap -sn 173.101.0.0/24) but from Oracle itself.

Note that this depends on how the network is configured, its security level (use of ACLs), etc. They can block us, and then we cannot see anything.

The picture shows the banner for the tool 🙂

[Image: crawler_plsql_drei]

This small script receives four parameters:

#1 Prev_range: n IPs to try before the IP of the machine where the database is.
#2 post_range: n IPs to try after the IP of the machine where the database is.

Suppose that the machine where the database is located has the IP 173.120.0.50.

If we execute: crawler_plsql 5 6

the process will try to discover whether each of these IPs exists, and its alias:

173.120.0.45
173.120.0.46
173.120.0.47
173.120.0.48
173.120.0.49
173.120.0.50
173.120.0.51
173.120.0.52
173.120.0.53
173.120.0.54
173.120.0.55
173.120.0.56

The next picture shows the start and check process, which verifies the privileges and permissions of the user that we are using (the actual IP has been pixelated):

[Image: crawler_plsql_eins]

In the next step the crawler shows a list of all the hosts it has discovered (inside the range given by param #1 and param #2). The following picture has been pixelated.

[Image: crawler_plsql_zwei]

#3 Try dblink: This parameter will try to create a dblink to the destination, against port 1521. The idea is to try to identify whether there is another Oracle engine, configured by default on port 1521 (the next version could do a vertical scan 1024 – 65535), and if there is, to see how far we get.

If we execute: crawler_plsql 5 6 Y

The process will try to create a database link against the IPs. Using the previous example, it will try to create a dblink against each of the IPs in the range 173.120.0.45 – 173.120.0.56.

#4 send_mail: Sends all the information it has collected by mail. If you are doing something that you should not, do not send it to an address that may be associated with you. It would be an exfiltration of data.

If we execute: crawler_plsql 5 6 Y Y

The mail will be sent based on the configuration in the section “Settings for email”; the parameters to be configured are:

CMailIp        -- IP where start mail
CPort          -- Port to start resend, by default 25
CFromName      -- Name (sender)
CFromEmail     -- Mailbox (sender)
CToName        -- Name (recipient)
CToEmail       -- Mailbox (recipient)
CSubject       -- Subject

Finally, the link to the code is this:

CRAWLER_PLSQL (github download)

 
Any comment is welcome.

HTH – Antonio NAVARRO
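
The defender's side of the crawler described above, as an added example that is not part of the original post or of the CRAWLER_PLSQL code: these queries show which accounts could run such a discovery from inside the database. The package list is an assumption, since the post does not name the packages it uses; the dictionary views are standard Oracle ones and need DBA-level read access.

```sql
-- Added defensive example; run as a user with access to the DBA_* views.
-- Assumption: these are the default network-capable packages worth checking;
-- the post does not name the ones its crawler uses.

-- 1. Who can execute the network packages (a PUBLIC grantee means everyone).
SELECT grantee, table_name AS package_name, grantable
FROM   dba_tab_privs
WHERE  owner = 'SYS'
AND    privilege = 'EXECUTE'
AND    table_name IN ('UTL_INADDR', 'UTL_TCP', 'UTL_SMTP', 'UTL_HTTP')
ORDER  BY table_name, grantee;

-- 2. Network ACLs: which principals hold 'resolve' or 'connect', and for
--    which hosts and ports. Wildcard hosts ('*') and open port ranges are
--    what allows a sweep of neighbouring addresses.
SELECT a.host, a.lower_port, a.upper_port,
       p.principal, p.privilege, p.is_grant
FROM   dba_network_acls a
JOIN   dba_network_acl_privileges p ON p.acl = a.acl
ORDER  BY a.host, p.principal, p.privilege;

-- 3. Who can create database links (the grantee may be a user or a role).
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE DATABASE LINK', 'CREATE PUBLIC DATABASE LINK')
ORDER  BY grantee;

-- 4. Recently created database links; a burst of links towards neighbouring
--    IPs on port 1521 matches the dblink step described in the post.
SELECT owner, db_link, username, host, created
FROM   dba_db_links
WHERE  created > SYSDATE - 30
ORDER  BY created DESC;
```

Unneeded PUBLIC grants in query 1 and wildcard hosts in query 2 are the first things to tighten.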

New Version Of PUTTY (update fast)

PuTTY has released a new version, 0.71, of this popular, simple and useful open source software, which makes day-to-day work easier for many DBAs, sysadmins, developers, etc. Its options range from telnet (which should no longer be used) to making tunnels, by way of connections in RAW mode.

This version does not really bring big new features; rather, somewhat in the Microsoft style, it is a patch to correct important security vulnerabilities.

Some of the most dangerous vulnerabilities are:

  • DSA signature check bypass (MITM)
  • Integer overflow (over RFC 4432)
  • Potential malicious code execution (from .chm help files)
  • Buffer overflow in Unix PuTTY (over active Unix file descriptors, by using the poll() system call)
  • DoS if many Unicode characters are used

You can download the new version from its official website
Putty 0.71 download

HTH – Antonio NAVARRO

Generating Hash Passwords In Oracle

I have shared on my GitHub a small code fragment, written in Java, that from a database user and its password generates the hash that Oracle would generate (in versions 11 and below). This is just an example to see how easy it is to get the data. Logically, we can play with the username and hash to get the password.

From version 12 onwards, the form and algorithms that Oracle uses to generate the hash (or encrypted password) have changed, including the use of a cryptographic salt. I promise to look at the concept and use of cryptographic salt in more detail in another post, although I can tell you in advance that its main function is to shield the hash against possible dictionary attacks.

To see the code, please follow the next link:

Generate Hash Code (Java implementation)

HTH – Antonio NAVARRO