One of our agents (codename Larry) was able to sniff Oracle network traffic deep in the Russian network.
First, Larry obtained some traffic captured when users authenticated to the database; you can find this traffic here
Afterwards, Larry sniffed some traffic when the database made some network backup.
When he realized how important this could be, the agent immediately forwarded the traffic
to headquarters, but unfortunately the transmission was stopped.
We could not make contact with Larry anymore.
Our experts already analyzed this traffic, and were able to
restore the beginning of a database file, which you can find here
Your goal is to obtain a valid username - password - connect identifier in the following form: database_username/password@database_ip:port/database_name
This challenge fits in the Internet/Forensics section, so use Google to find the right tool for it.
After you have found the tool, you will need a lot of Oracle DLLs.
You can download them from the official Oracle site (Oracle Database Client),
but I made a small client for this challenge, which you can download here: Oracle DLLs
At headquarters you found some analyzed Oracle traffic; maybe it will help you understand
Oracle TNS traffic better. You can download it here: example.txt
And the last piece of information for you is that the clients were connecting to the
database via IP tunneling, but the traffic was captured after the tunneling was terminated.
You don't have too much time to solve this, so you think brute force is not the way...
If you cannot find the tool, don't worry, you will find it
Sooner or Later :)