Metasploit mailing list archives

Pentest on an Oracle 10g database


From: jvanheerden at gtsp.co.za (Jacques van Heerden)
Date: Wed, 26 Aug 2009 17:39:41 +0200

Greetings.

I am busy with a pentest on an Oracle 10g database that is located behind
a Checkpoint firewall.

The goal is to see if this database can be exploited via the ports that
are open.

My scenario:

My PCs ---- Checkpoint firewall ---- Cisco content switch ---- Oracle database

Oracle database 10g (10.1.3.4.0) running AIX

TCP 12401, 12402, 12403, 12404, 12405: these ports are used for the remote
connections.

TCP 7777: a version of Apache is running on this port; this is used
for the Enterprise Manager. I get a login prompt that prompts me for the
oc4jadmin password.

Here I tried some SQL injections but no luck.

The exploits that I have tried before are on port 1521, and these
exploits obviously do not work because they are being blocked by a
Checkpoint firewall.

My question:

Is there another way into this Oracle database? Where can I find some
more ideas?

Thank you in advance.
