Penetration Testing mailing list archives
RE: Pen Testing an Oracle Database
From: "Aaron C. Newman" <aaron () newman-family com>
Date: Thu, 4 Oct 2001 16:38:57 -0400
You can use the beta version of DbDetective. It is in the early stages of development, but it does work. Download it from http://www.appsecinc.com/products/. It is a pen testing tools for Oracle - a small sample of what it does: - locates databases on the network even if they are not on the default port - determines the version of the database and listener service - brute forces the listener password - checks for default database passwords - enumerates database account - brute forces all database accounts found (including internal, sys as sysdba, etc...) - checks for known buffer overflows - checks for known denial of service accounts Any feedback on the product is appreciated. Regards, Aaron Newman CTO/Founder Application Security, Inc. www.appsecinc.com 212-490-6022 -Protection Where It Counts- -----Original Message----- From: pen-test-return-1101-aaron=newman-family.com () securityfocus com [mailto:pen-test-return-1101-aaron=newman-family.com () securityfocus com]O n Behalf Of Jason binger Sent: 03 October 2001 06:45 To: pen-test () securityfocus com Subject: Pen Testing an Oracle Database Does anyone have any command line equivalents of osql.exe for passing queries to an Oracle Database? Does anyone know of a decent brute force network password cracker for Oracle. Any other tools or techniques appreciated. Jason __________________________________________________ Do You Yahoo!? Listen to your Yahoo! Mail messages from any phone. http://phone.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Pen Testing an Oracle Database Jason binger (Oct 04)
- RE: Pen Testing an Oracle Database Aaron C. Newman (Oct 04)
- RE: Pen Testing an Oracle Database Deniz CEVIK (Oct 05)