Dailydave mailing list archives

RE: Offense - Database tools


From: "Hackling, Matthew (AU - Melbourne)" <mhackling () deloitte com au>
Date: Sat, 3 Sep 2005 12:58:01 +1000

Hey Patrik Karlsson's MSSQL and Oracle tools rock from cqure.net

They are also teeny weeny and only require a classes.zip file to work.

The thing that sucks at the moment is DB2 connectivity.

Especially on Linux :(

I've downloaded over 2Gb of .zip and .tar files recently trying to install the DB2 administration client on Linux :(

Kind Regards,

Matthew Hackling


-----Original Message-----
From: Dave Aitel [mailto:dave () immunitysec com]
Sent: Sat 9/3/2005 6:42 AM
To: dailydave
Subject: [Dailydave] Offense
 
Justine (Immunity's CEO, who is not a US Citizen, it turns out) wrote an 
Oracle password checker for CANVAS recently. I'm about to throw it on 
the partner's page, but the basic theory I have is that 99% of your 
problems in an Oracle installation are you forgetting to change the 
100000 default passwords that come with various packages. It's weird how 
few attack tools work well against databases. Most of them require you 
install a five thousand cd package from Oracle to get connectivity.

All day long though, we've been reading the various articles on New 
Orleans, which you can only take like a body blow. It was 50/50 that we 
would have relocated to New Orleans, when we left NYC a few months ago. 
Not sure where we'd be now if we had chosen that instead of Miami. This 
is probably the most depressing article: 
http://news.independent.co.uk/world/americas/article309696.ece . 
Stratfor suggests you create a family-wide plan for relocation in the 
event of this sort of thing, with a backup spot to meet up. They say 
this reduces your anxiety by knowing that if you're all split up, you 
have positions you can recombine in, and you can worry instead about 
escape and staying alive. They also have a great article on the 
geopolitical importance of New Orleans, and the port there in 
particular, which, oddly enough, they had written a few volumes about 
before all this happened. I know some people (Richard Thieme, for 
example) noticed they have a spotty record on Japan, but they're a lot 
easier to read than CNN, where all you get is Bush coming home from 
vacation looking confused. I guess the basic theory here is that you 
can't JUST do offense.

Jared Diamond's[1] latest book "Collapse" goes in depth over how 
civilizations lose cities by destroying the environment around them. 
It's dry (want an in depth analysis of ranching and water use in 
Montana?), but worth a read if you're on a long plane flight and trying 
to understand the issues around these sorts of problems. It's good as a 
coping mechanism, say. It turns out that working through Microsoft 
Typelib[2] or Oracle's login protocol only helps so much.

-dave
[1] Pulitzer prize winning "Guns Germs and Steel", etc. He also wrote a 
good book on human evolution for people without anthropology or biology 
degrees. There's lots of weird nature shows on evolution on TV lately, 
as a response I assume to Kansas politicians trying to prove how 
uneducated they are.
[2] Unmidl.py work - almost there. Hopefully done by HITB. Will GPL shortly.


