Penetration Testing mailing list archives
Re: Oracle Auditing
From: David Eduardo Acosta Rodríguez <david.acosta () internet-solutions com co>
Date: Wed, 3 Aug 2005 10:05:55 -0500
Good morning:

You can use these scripts/tools for Oracle pen-testing:

http://www.petefinnigan.com/sql.htm and http://www.petefinnigan.com/orasec.htm <- Miscellaneous scripts for Oracle
http://www.appsecinc.com/products/appdetective/ <- Appdetective tool for vulnerability assessment in databases

I used Database Scanner (ISS) but this product has been discontinued (I believe that it was replaced by Internet Scanner).

Finally, look in http://www.orafaq.com/ and http://otn.oracle.com/deploy/security/oracle9i/pdf/9i_checklist.pdf

Greetings,

Ing. David E. Acosta R.
Security Consultant - CISSP
Internet Solutions Colombia
"The Information Security Experts"
http://www.internet-solutions.com.co
david.acosta () internet-solutions com co

----- Original Message -----
From: "Joe T" <recommendeddosage () gmail com>
To: <pen-test () securityfocus com>
Sent: Tuesday, August 02, 2005 10:54 AM
Subject: Oracle Auditing

Good day,

I should preface this message by saying that I have little to no experience with Oracle administration, and I'm looking to gain a bit of information.

When performing some network scans, I notice that the Oracle database rarely has a password set for the tnslsnr account. From the Nessus scan results, I have learned that the database may be compromised because of this null password. I've searched the web, and the majority of the information I find talks about a DoS attack for Oracle 8.

My question becomes: Has anyone exploited this misconfiguration, and if so - how? Is this an account that you can connect to without expensive Oracle software?

Also, what other tools do you utilize to audit Oracle?

Thank you,
Joe
Current thread:
- Oracle Auditing Joe T (Aug 02)
- RE: Oracle Auditing Clement Dupuis (Aug 02)
- Re: Oracle Auditing Joshua Wright (Aug 02)
- Re: Oracle Auditing DokFLeed (Aug 03)
- Re: Oracle Auditing Thor (Hammer of God) (Aug 03)
- RE: Oracle Auditing Erez (Aug 03)
- Re: Oracle Auditing David Eduardo Acosta Rodríguez (Aug 03)
- Re: Oracle Auditing Pete Finnigan (Aug 12)