Penetration Testing mailing list archives

Re: oracle VA/PT

From: jd <jd () labgeek net>
Date: Wed, 28 Sep 2005 19:16:02 -0400

You can get OAT (oracle auditing tool) at cqure.net[http://www.cqure.net/tools.jsp?id=7] or look at the myriad of tools atpete finnegan's site [http://www.petefinnigan.com/tools.htm].Additionally, cqure offers a GETSIDS program as well....


Another good paper regarding oracle pen testing is:
http://www.pentest.co.uk/documents/oracle-security.htm
enjoy, jd


Massimo wrote:

Hi to all.
Some day ago I was quite surprised to see that on a server that wasscanned with nessus and with emaze scanner that revealed no relevantsecurity hole, there was oracle installed and active with all thedefault oracle user/password activated (i.e. system/manager,scott/tiger, etc).
What VA tool can find default user on oracle? Is it possible to findthat info with Nessus (perhaps I can't use it at its best)?
Best Regards,
        Massimo
PS
I usually activate all the check on nessus and emaze.
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications onyour website. Up to 75% of cyber attacks are launched on shoppingcarts, forms, login pages, dynamic content etc. Firewalls, SSL andlocked-down servers are futile against web application hacking. Checkyour website for vulnerabilities to SQL injection, Cross sitescripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



------------------------------------------------------------------------------

Audit your website security with Acunetix Web Vulnerability Scanner:Hackers are concentrating their efforts on attacking applications on yourwebsite. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website for vulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at:


http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

oracle VA/PT Massimo (Sep 27)
- Re: oracle VA/PT Lukasz Szczepanski (Sep 28)
- Re: oracle VA/PT jd (Sep 29)
- <Possible follow-ups>
- RE: oracle VA/PT Josh Perrymon (Sep 28)
  - RE: oracle VA/PT Gus Fritschie (Sep 29)
- RE: oracle VA/PT Josh Perrymon (Sep 28)
- RE: oracle VA/PT Michael Gargiullo (Sep 28)
  - Re: oracle VA/PT Joshua Wright (Sep 29)