Penetration Testing mailing list archives

Re: oracle database scanner


From: Wendel Guglielmetti Henrique <wsguglielmetti () gmail com>
Date: Wed, 15 Dec 2010 11:34:23 -0600

Nice paper Raggo. ;)

I also have one focused exclusively on Oracle; you may find it interesting.

http://wsec.110mb.com/artigos/Wendel-YSTS09.pdf

The DEMO videos are available here:

http://wsec.110mb.com/papers.html

If you are in the middle of the connection, I suggest thicknet:

https://www.trustwave.com/spiderLabs-tools.php

My good friend and co-worker Steve O. wrote a nice intro about it, please check it out:

http://blog.spiderlabs.com/2010/12/thicknet.html

If you are looking for a commercial tool for Oracle audit, I recommend RepScan.

http://www.red-database-security.com/repscan.html

I hope this helps.

Best regards

On Fri, Dec 3, 2010 at 5:21 PM, Raggo Michael-TCK748
<Mike.Raggo () motorola com> wrote:
Ryan,

I have an Oracle (and SQL Server) pen testing presentation available
from my site:

http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf

tnsping.exe is available in the Oracle client install.

tnscmd is a Perl script that will also poll for listeners, and from the
output you can decipher the Oracle DB version.

How to use tnscmd is outlined in my PPT, as well as how to decipher the
version #.

Have fun!

Best Regards,

- Mike Raggo

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Ryan Giobbi
Sent: Wednesday, December 01, 2010 9:09 PM
To: pen-test () securityfocus com
Subject: oracle database scanner

Hello,

I'm looking for a scanner that can do a remote connection to an Oracle
listener or the operating server running the database and pull as much
information about the Oracle patch level as possible. Ideally it'd be
command line or have an API. It doesn't have to be free.

I appreciate any suggestions.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


-- 
Wendel Guglielmetti Henrique
http://wsec.110mb.com/ - Personal HomePage
