Re: oracle VA/PT

From: jd (jd@labgeek.net)
Date: Wed Sep 28 2005 - 19:16:02 EDT

• Next message: n0g0o13: "Re: DCOM Security."
• Previous message: Justin Ferguson: "Re: Exploring Windows CE Shellcode"
• In reply to: Massimo: "oracle VA/PT"
• Next in thread: Michael Gargiullo: "RE: oracle VA/PT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You can get OAT (oracle auditing tool) at cqure.net
[http://www.cqure.net/tools.jsp?id=7] or look at the myriad of tools at
pete finnegan's site [http://www.petefinnigan.com/tools.htm].
Additionally, cqure offers a GETSIDS program as well....

Another good paper regarding oracle pen testing is:
http://www.pentest.co.uk/documents/oracle-security.htm
enjoy, jd

Massimo wrote:

> Hi to all.
>
> Some day ago I was quite surprised to see that on a server that was
> scanned with nessus and with emaze scanner that revealed no relevant
> security hole, there was oracle installed and active with all the
> default oracle user/password activated (i.e. system/manager,
> scott/tiger, etc).
>
> What VA tool can find default user on oracle? Is it possible to find
> that info with Nessus (perhaps I can't use it at its best)?
>
> Best Regards,
> Massimo
> PS
> I usually activate all the check on nessus and emaze.
>
> ------------------------------------------------------------------------------
>
> Audit your website security with Acunetix Web Vulnerability Scanner:
> Hackers are concentrating their efforts on attacking applications on
> your website. Up to 75% of cyber attacks are launched on shopping
> carts, forms, login pages, dynamic content etc. Firewalls, SSL and
> locked-down servers are futile against web application hacking. Check
> your website for vulnerabilities to SQL injection, Cross site
> scripting and other web attacks before hackers do! Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: n0g0o13: "Re: DCOM Security."
• Previous message: Justin Ferguson: "Re: Exploring Windows CE Shellcode"
• In reply to: Massimo: "oracle VA/PT"
• Next in thread: Michael Gargiullo: "RE: oracle VA/PT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:00 EDT