Metasploit mailing list archives
Pentest on an Oracle 10g database
From: jvanheerden at gtsp.co.za (Jacques van Heerden)
Date: Wed, 26 Aug 2009 17:39:41 +0200
Greetings.

I am busy with a pentest on an Oracle 10g database that is located behind a Checkpoint firewall. The goal is to see if this database can be exploited via the ports that are open.

My scenario:

My PCs ----------- Checkpoint Firewall ----------- Cisco content switch ----------- Oracle database

Oracle database 10g (10.1.3.4.0) running on AIX

TCP 12401, 12402, 12403, 12404, 12405: these ports are used for the remote connections.

TCP 7777: a version of Apache is running on this port; this is used for the Enterprise Manager. I get a login prompt that prompts me for the oc4jadmin password. Here I tried some SQL injections but no luck.

The exploits that I have tried before are on port 1521, and these exploits obviously do not work because they are being blocked by a Checkpoint firewall.

My question: Is there another way into this Oracle database? Where can I find some more ideas?

Thank you in advance.