Penetration Testing mailing list archives

Re: oracle VA/PT


From: Pete Finnigan <plsql () peterfinnigan demon co uk>
Date: Sun, 2 Oct 2005 22:08:49 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Massimo,

I have found that there are not many Oracle checks that come with nessus
compared to the number of issues that are known about Oracle. Quite a
lot of them also only get the version number from the listener to
establish if a vulnerability exists. I am not aware that any nessus
plug-in checks default users. There is a tool on my site at http://www.p
etefinnigan.com/default/default_password_checker.htm that can be used to
check default passwords. Someone mentioned Alex's checkpwd which is
excellent, you should also try out orabf from toolcrypt.org which flies
in brute force mode. There is an interesting thread about this tool
including some timings and analysis of its approach to brute force
attacks - http://www.petefinnigan.com/forum/yabb/YaBB.cgi?board=tools_fr
ee;action=display;num=1125314244 - beware URL wrap. 

Patrik's tools are also excellent - http://www.cqure.net also the
Integrigy listener audit tool is excellent. Its at http://www.integrigy.
com/downloads/lsnrcheck.exe - Tim Gorman has some good shell scripts
that can be used to find Oracle databases on a server. Sorry cannot
remember the link, its on http://www.petefinnigan.com/tools.htm which
lists every free and commercial Oracle security tool I know of. 

hth

Kind regards

Pete

In article <4338C558.5050706 () quipo it>, Massimo <massimo.mail () quipo it>
writes
Hi to all.

Some day ago I was quite surprised to see that on a server that was 
scanned with nessus and with emaze scanner that revealed no relevant 
security hole, there was oracle installed and active with all the 
default oracle user/password activated (i.e. system/manager, 
scott/tiger, etc).

What VA tool can find default user on oracle? Is it possible to find 
that info with Nessus (perhaps I can't use it at its best)?

Best Regards,
              Massimo
PS
I usually activate all the check on nessus and emaze.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


- -- 
Pete Finnigan (email:pete () petefinnigan com)
Oracle Security Web Site: http://www.petefinnigan.com
Oracle Security Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBQ0BMYR8NhIrQBdnFEQJkWQCdHhR92CF29bWqcEwNVs9Gz8LgGRAAmgLl
k9HKCtlq0H6ff8o/ylrXmB6Y
=1ecJ
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


Current thread: