Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Testing ORACLE application

From: "Rodrigo Montoro (Sp0oKeR)" <spooker () gmail com>
Date: Mon, 7 Jan 2008 16:47:45 -0200
Hacking Oracle with Backtrack
http://www.red-database-security.com/wp/itu2007.pdf

THC has a cracker too
http://freeworld.thc.org/thc-orakelcrackert11g/


http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html has a
lot of oracle test too.


Regards,

Rodrigo Montoro (Sp0oKeR)


On Jan 3, 2008 5:55 PM, Victor Stinner <victor.stinner () haypocalc com> wrote:

Hi,

On Wednesday 02 January 2008 11:01:33 ahgaber_rehan () yahoo com wrote:

I am in process of testing some web based oracle applications, I need to
know what has to be tested and recommended tools I can use.

Simply ( pen testing guide for ORACLE application)


A friend pointed by to Inguma, fuzzer which targets especially Oracle:
   http://inguma.sourceforge.net/

See for example this video:
   http://inguma.sourceforge.net/text/inguma_text.html

We can see commands to: scan port, guess Oracle version, guess SID, bruteforce
password, ...

Victor
http://fusil.hachoir.org/ -- new release (0.7) of the fuzzer today


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------






-- 
=========================
     Rodrigo Ribeiro Montoro
      Analista de Segurança
    SnortCP / RHCE / LPIC-I
 http://spookerlabs.multiply.com
=========================
Previous By Date Next
Previous By Thread Next

Current thread: