From 3daf2617e2f80ea04cb55a8015865d5fd6623440 Mon Sep 17 00:00:00 2001 From: Hakim LOUMI <57396837+hloumi@users.noreply.github.com> Date: Wed, 18 Dec 2024 17:31:28 +0100 Subject: [PATCH] [Livelabs ID: 11105] Story of a Hack updates (#283) * dbseclab_v5.5 * dbseclab_v5.5 * dbseclab_v5.5 * dbseclab_v5.5 * Squashed commit of the following: commit 41135e2f89c34a25782b0f0177da22337e50b76b Author: Dan Wiliams <127415766+dannymgithub@users.noreply.github.com> Date: Thu Dec 21 17:09:01 2023 -0500 WMS 11492- SQL Firewall new Livelabs (#157) * Revert "[WMSID 11492] SQL Firewall new Livelabs (#153)" This reverts commit b00fe40b10f67514ac49a2a80b8a647e1991d684. * Revert "Revert "[WMSID 11492] SQL Firewall new Livelabs (#153)"" This reverts commit 575187b049f9f82b98b6338c723acc23621ccdd2. * dbseclab_v5.5 * dbseclab_v5 * dbseclab_v5.5 * dbseclab_v5.6 * dbseclab_v5.6 * dbseclab_v5.6 * dbseclab_v6.0 * dbseclab_v6.0 * dbseclab_v6.0 * dbseclab_v6.0 * dbseclab_v6.0 * dbseclab_v6.0 * dbseclab_v6.0 * dbseclab_v6.0 * dbseclab_v6.0 * dbseclab_v6.0 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab_v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * updating dv lab - rce * small updates - rce * make changes - rce * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.1 * dbseclab-v6.2 * dbseclab-v6.2 * Updates for 23ai * Updates for labs * update dv labs * updates to the lab * dv lab updates * dbseclab_v70 * dbseclab-v6.2 * lab updates * update lab * updates to adb dv lab * adb dv lab updates * adb dv lab updates * adb dv lab updates * dbseclab-v6.2 * dbseclab-v6.2 * adb dv lab updates * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * adb dv lab updates * adb dbv lab updates * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * updates to adb dv lab * adb dv lab * adb dv labs * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dv lab updates * adb dv lab updates * adb dv lab updates * adb dv lab update * adb dv * adb dv labs * adb dv lab updates * dv lab updates * dv labs update * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dv lab updagtes * dv lab updates * dv lab updates * dv lab updates * dv lab updates * adb dv lab * adb dv updates * adb dv lab update * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dv lab updates * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.2 * dbseclab-v6.3 * dbseclab_v6.3 * dbseclab_v6.3 * dbseclab_v6.3 * dbseclab_v6.3 * dbseclab_v6.3 * ocw24 dv hol * dv hol ocw * dv ocw hol * dbseclab_v6.3 * dbseclab_v6.4 * dbseclab_v6.4 * dbseclab_v6.3 * dbseclab-v6.3 * dbseclab-v6.3 * dbseclab-v6.3 * dbseclab-v6.3 * dbseclab-v6.3 * dbseclab_v6.3.1 * dbseclab-v6.3.1 * dbseclab-v6.3.1 * dbseclab-v6.3.1 * dbseclab-v6.3.1 * dbseclab-v6.3.1 * dbseclab-v6.3.1 * data redaction lab for 23.6 release * free tier folder for new data redaction livelab * updated markdown * updates to the data redaction lab * Update intro.md * dbsec-v7.0 * dbseclab-v7.0 * Update manifest.json * dbseclab-storyhack_v7.0 * dbseclab-storyhack-v7.0 * dbseclab-storyhack_v7.0 * dbseclab_storyhack-v7.0 * dbseclab-storyhack_v7.0 * dbseclab-storyhack_v7.0 * dbseclab-storyhack_v7.0 * dbseclab_story-v7.1 * dbseclab_storyhack-v7.1 * dbseclab_story-hack_v7.1 * dbseclab_story-hack_v7.1 * dbseclab_story-hack_v7.1 * dbseclab_story-hack_v7.1 * dbseclab_story-hack_v7.1 * dbseclab_story-hack_v7.1 * dbseclab_story-hack_v7.1 * dbseclab_story-hack_v7.1 * dbseclab_story-hack_v7.1 * dbseclab_story-hack_v7.1 * dbseclab_story-hack_v7.1 --------- Co-authored-by: Hakim LOUMI Co-authored-by: richardcevans Co-authored-by: Ana-Maria COMAN <157381084+anacoman11@users.noreply.github.com> Co-authored-by: Dan Wiliams <127415766+dannymgithub@users.noreply.github.com> --- database/story/intro/intro.md | 4 ++-- database/story/story-hack/story-hack.md | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/database/story/intro/intro.md b/database/story/intro/intro.md index 5d9b7747..0698f9f2 100644 --- a/database/story/intro/intro.md +++ b/database/story/intro/intro.md @@ -30,7 +30,7 @@ In our scenario, this database contains sensitive data that could be used by the As your attack protocol progresses, you will test the same commands from the same interfaces, but this time pointing to another Oracle Database named PDB2. Oracle's recommended security controls protect PDB2. You will see how a well-configured database can block the most common attacks used to break in and steal data. -*Versions tested in this lab:* Oracle DB EE 19.23, OEM 13.5, AVDF 20.13 +*Versions tested in this lab:* Oracle DB EE 19.23, OEM 13.5, AVDF 20.13 an OKV 21.9 ### Objectives This lab helps you learn to use some of the most important security features of the Oracle Database. @@ -123,4 +123,4 @@ Unfortunately, whether you pay the ransom or not, your sensitive data is now out ## Acknowledgements - **Author** - Hakim Loumi, Database Security Senior Principal PM - **Contributors** - Russ Lowenthal, Database Security VP -- **Last Updated By/Date** - Hakim Loumi, Database Security PM - November 2024 \ No newline at end of file +- **Last Updated By/Date** - Hakim Loumi, Database Security PM - December 2024 \ No newline at end of file diff --git a/database/story/story-hack/story-hack.md b/database/story/story-hack/story-hack.md index 526e1130..04c22670 100644 --- a/database/story/story-hack/story-hack.md +++ b/database/story/story-hack/story-hack.md @@ -467,10 +467,11 @@ In this lab, you will perform a "UNION-based" SQL injection attack on an applica ``` - cd /home/oracle/DBSecLab/admin - stop_Glassfish.sh + cd $DBSEC_ADMIN + ./stop_Glassfish.sh sudo sed -i -e 's|pdb1|pdb2|g' /u01/app/glassfish/hr_prod_pdb2/WEB-INF/classes/hr.properties - start_Glassfish.sh + ./start_Glassfish.sh + cd $DBSEC_LABS/story-hack ```