Penetration Testing mailing list archives
RE: Oracle DB Audity
From: "Chris McNab" <chris.mcnab () trustmatta com>
Date: Thu, 25 Mar 2004 12:25:11 -0000

Hi,

For Oracle you have a few remote options. I'm assuming you have remote IP access to the TNS Listener; if so, you can use tnscmd.pl to issue commands (if the default non-existent TNS Listener authentication model is in place), available from http://www.jammed.com/~jwa/hacks/security/tnscmd/.

Oracle 8.1.7 is also susceptible to a remote COMMAND stack overflow (CVE-2001-0499) through the TNS Listener, and 8.1.6 and prior are susceptible to a file creation bug by changing the log_file variable on the server.

One tool that nobody has mentioned is MetaCoretex (http://www.metacoretex.com), which has a bunch of neat features including:

- TCP bounce port scanning through the Oracle database using UTL_TCP
- Oracle SID enumeration
- Various TNS Listener probes, security settings, status, etc.

Of course, this info is all taken from my forthcoming ORA book (http://www.oreilly.com/catalog/networksa/) ;]

Chris

Chris McNab
Technical Director
Matta Consulting Limited
18 Noel Street
London W1F 8GN
08700 77 11 00
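
Added example, not part of the original post: a defender-side check of a listener.ora for the two settings that bear on the listener issues mentioned above, a listener password (PASSWORDS_<listener>) and ADMIN_RESTRICTIONS_<listener> = ON, which blocks runtime SET changes such as log_file. The sample files, host name and function names are constructed for illustration, and a listener named LISTENER is assumed.

```python
import re

# Constructed sample listener.ora contents (not from the original post).
SAMPLE_DEFAULT = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.test)(PORT = 1521))
    )
  )
# no password, no admin restrictions
LOG_FILE_LISTENER = listener.log
"""

SAMPLE_HARDENED = SAMPLE_DEFAULT + """\
PASSWORDS_LISTENER = (0123456789ABCDEF)
ADMIN_RESTRICTIONS_LISTENER = ON
"""

# A parameter name starts in column 0; indented lines are continuations.
PARAM = re.compile(r"^([A-Za-z_]\w*)\s*=\s*(.*)$")

def top_level_params(text):
    """Return {NAME: value} for parameters found at parenthesis depth 0."""
    params, depth = {}, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if depth == 0:
            m = PARAM.match(line)
            if m:
                params[m.group(1).upper()] = m.group(2).strip()
        depth += line.count("(") - line.count(")")
    return params

def audit_listener(text, names=("LISTENER",)):
    """List hardening gaps for each named listener in a listener.ora."""
    params = top_level_params(text)
    findings = []
    for name in names:
        if not params.get("PASSWORDS_" + name):
            findings.append(f"{name}: PASSWORDS_{name} not set (no listener password)")
        if params.get("ADMIN_RESTRICTIONS_" + name, "").upper() != "ON":
            findings.append(f"{name}: ADMIN_RESTRICTIONS_{name} not ON "
                            "(runtime SET of log_file etc. not blocked)")
    return findings

if __name__ == "__main__":
    for finding in audit_listener(SAMPLE_DEFAULT):
        print(finding)
```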