Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Hacking An Oracle Session : Is It Possible?
Daniel Morgan wrote:
> Frank van Bortel wrote:
>> It is extremely easy to make sqlnet connections encrypted. >> Merely requires one or two entries in the network configuration >> files on client and server, and you're done. >> uid/password are then encrypted as well. > > > Can you, or anyone else, think of a quick demo that could be used to > show the change to students? > > Run it in default configuration ... show the connection stream ... > modify ... view the connection stream?
Something like:
change the client side sqlnet.ora to include these lines:
#sqlnet.encryption_client = "accepted" #sqlnet.encryption_types_client = "3DES168" #sqlnet.crypto_seed ="IUH&*^#(@RHJJHUIOYOQ#JIbawdggy"trace_level_client=support
Connect; e.g. sqlplus scott/tiger_at_o920 <<<< Bad habit, password will show!
exit the session.
Examine trace files, the actual data sent is in binary, as
well as in readable form:
[15-MAY-2004 19:51:29:515] nspsend: 56 49 43 45 5F 4E 41 4D |VICE_NAM|
[15-MAY-2004 19:51:29:515] nspsend: 45 3D 6F 39 32 30 2E 63 |E=o920.c|
[15-MAY-2004 19:51:29:515] nspsend: 73 64 62 30 31 2E 63 73 |sdb01.cs|
[15-MAY-2004 19:51:29:515] nspsend: 2E 6E 6C 29 28 43 49 44 |.nl)(CID|
[15-MAY-2004 19:51:29:515] nspsend: 3D 28 50 52 4F 47 52 41 |=(PROGRA|
[15-MAY-2004 19:51:29:515] nspsend: 4D 3D 44 3A 5C 6F 72 61 |M=D:\ora|
[15-MAY-2004 19:51:29:515] nspsend: 63 6C 65 5C 6F 72 61 39 |cle\ora9|
[15-MAY-2004 19:51:29:515] nspsend: 32 5C 62 69 6E 5C 73 71 |2\bin\sq|
[15-MAY-2004 19:51:29:515] nspsend: 6C 70 6C 75 73 2E 65 78 |lplus.ex|
[15-MAY-2004 19:51:29:515] nspsend: 65 29 28 48 4F 53 54 3D |e)(HOST=|
If you do nothing (connect and exit), about half way in the trace file,
that will be about 200kB anyway!), you'll find:
[15-MAY-2004 19:51:29:578] nspsend: 00 40 D3 12 00 30 D7 12 |.@...0..|
[15-MAY-2004 19:51:29:578] nspsend: 00 05 73 63 6F 74 74 0F |..scott.|
[15-MAY-2004 19:51:29:578] nspsend: 00 00 00 0F 41 55 54 48 |....AUTH|
[15-MAY-2004 19:51:29:578] nspsend: 5F 50 52 4F 47 52 41 4D |_PROGRAM|
[15-MAY-2004 19:51:29:578] nspsend: 5F 4E 4D 0B 00 00 00 0B |_NM.....|
[15-MAY-2004 19:51:29:578] nspsend: 73 71 6C 70 6C 75 73 2E |sqlplus.|
[15-MAY-2004 19:51:29:578] nspsend: 65 78 65 00 00 00 00 0C |exe.....|
[15-MAY-2004 19:51:29:578] nspsend: 00 00 00 0C 41 55 54 48 |....AUTH|
[15-MAY-2004 19:51:29:578] nspsend: 5F 4D 41 43 48 49 4E 45 |_MACHINE|
So there is the userid in clear text. Passwords are never sent in clear text, unless that has to do with the Advanced Security Option installed here.
Now - uncomment the client sqlnet lines:
sqlnet.encryption_client = "accepted"
# If encryption is requested, or required, accept it
sqlnet.encryption_types_client = "3DES168"
# use triple DES, 168bit key encryption
sqlnet.crypto_seed ="IUH&*^#(@RHJJHUIOYOQ#JIbawdggy"
# anyting in double quotes ("") 10 - 70 characters
trace_level_client=support
Make sure the server side requires encryption, alter the sqlnet.ora file:
sqlnet.encryption_types_server="3DES168" sqlnet.encryption_server="required" sqlnet.crypto_seed = "KJHQ&DTY)@YHKjausgd18`89"# I used a different one on the server...
On the client, connect, and exit again.
Examine trace files
About one third:
[15-MAY-2004 20:31:07:828] na_tns: encryption is active, using 3DES168
Further down, about half way:
[15-MAY-2004 20:31:07:843] nspsend: packet dump
[15-MAY-2004 20:31:07:843] nspsend: 00 A4 00 00 06 00 00 00 |........|
[15-MAY-2004 20:31:07:843] nspsend: 00 00 7C A8 D6 B9 06 73 |..|....s|
[15-MAY-2004 20:31:07:843] nspsend: D3 F9 C7 14 6C B9 57 64 |....l.Wd|
[15-MAY-2004 20:31:07:843] nspsend: 8D 3D 4D 1F D0 83 68 4F |.=M...hO|
[15-MAY-2004 20:31:07:843] nspsend: 83 BA 87 B0 1A 83 1E F3 |........|
[15-MAY-2004 20:31:07:843] nspsend: CB DC D8 77 50 27 0A AE |...wP'..|
[15-MAY-2004 20:31:07:843] nspsend: 5F C2 54 CE 87 87 BC 7D |_.T....}|
[15-MAY-2004 20:31:07:843] nspsend: 7C A9 F4 94 E2 3B A6 84 ||....;..|
[15-MAY-2004 20:31:07:843] nspsend: D4 DE B9 09 FE 19 C4 96 |........|
[15-MAY-2004 20:31:07:843] nspsend: 80 6B A2 05 88 64 A3 0D |.k...d..|
When done - don't forgt to set trace_level_client to NONE (or 0 - zero) again!
Will that do?
BTW ethereal shows the same (tracing TNS) as sqlnet trace
-- Regards, Frank van BortelReceived on Sat May 15 2004 - 13:53:18 CDT