Penetration Testing mailing list archives
RE: oracle VA/PT
From: Michael Gargiullo <mgargiullo () pvtpt com>
Date: Fri, 30 Sep 2005 09:26:37 -0400
Maybe because the default listener port is 1521?
True, but he said it was a default install, and the nessus plugin usually will find it no matter what port. There's also App Detective, which looks promising, but $$$. -----Original Message----- From: Joshua Wright [mailto:jwright () hasborg com] Sent: Wednesday, September 28, 2005 7:53 AM To: Michael Gargiullo Cc: pen-test () securityfocus com Subject: Re: oracle VA/PT -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Gargiullo wrote:
I find it strange that nessus didn't even see an open port on 1421.
Maybe because the default listener port is 1521?
There are a butt-load of Oracle plugins for nessus. More then 7 of
them
are for remote shells.
For Oracle VA scanning, I've had good experiences with the NGS SQuirreL product from NGSSoftware (http://www.ngssoftware.com/squirrelsql.htm). A free trial is available to test it out. - -Josh - -- - -Joshua Wright jwright () hasborg com 2005-2006 pgpkey: http://802.11ninja.net/pgpkey.htm fingerprint: F00E 7A42 8375 0C55 964F E5A4 4D2F 22F6 3658 A4BF Today I stumbled across the world's largest hotspot. The SSID is "linksys". -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) iD8DBQFDOoQtTS8i9jZYpL8RAjGyAKCRU7bODbC7joNE44vcfZnioYmeqACeItys dhBfcxIcPC/PH6wmJWKl0Xs= =wJSI -----END PGP SIGNATURE----- ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: oracle VA/PT Michael Gargiullo (Oct 01)
- <Possible follow-ups>
- Re: oracle VA/PT Pete Finnigan (Oct 02)