RE: oracle VA/PT

From: Michael Gargiullo (mgargiullo@pvtpt.com)
Date: Fri Sep 30 2005 - 09:26:37 EDT

• Next message: Kyle Starkey: "ARP Spoofing and Routing"
• Previous message: Tim Hurman: "Re: Exploring Windows CE Shellcode"
• Maybe in reply to: Massimo: "oracle VA/PT"
• Next in thread: Pete Finnigan: "Re: oracle VA/PT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> Maybe because the default listener port is 1521?

True, but he said it was a default install, and the nessus plugin
usually will find it no matter what port.

There's also App Detective, which looks promising, but $$$.

-----Original Message-----
From: Joshua Wright [mailto:jwright@hasborg.com]
Sent: Wednesday, September 28, 2005 7:53 AM
To: Michael Gargiullo
Cc: pen-test@securityfocus.com
Subject: Re: oracle VA/PT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Gargiullo wrote:
> I find it strange that nessus didn't even see an open port on 1421.

Maybe because the default listener port is 1521?

> There are a butt-load of Oracle plugins for nessus. More then 7 of
them
> are for remote shells.

For Oracle VA scanning, I've had good experiences with the NGS SQuirreL
product from NGSSoftware (http://www.ngssoftware.com/squirrelsql.htm).

A free trial is available to test it out.

- -Josh
- --
- -Joshua Wright
jwright@hasborg.com

2005-2006 pgpkey: http://802.11ninja.net/pgpkey.htm
fingerprint: F00E 7A42 8375 0C55 964F E5A4 4D2F 22F6 3658 A4BF

Today I stumbled across the world's largest hotspot. The SSID is
"linksys".
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFDOoQtTS8i9jZYpL8RAjGyAKCRU7bODbC7joNE44vcfZnioYmeqACeItys
dhBfcxIcPC/PH6wmJWKl0Xs=
=wJSI
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Kyle Starkey: "ARP Spoofing and Routing"
• Previous message: Tim Hurman: "Re: Exploring Windows CE Shellcode"
• Maybe in reply to: Massimo: "oracle VA/PT"
• Next in thread: Pete Finnigan: "Re: oracle VA/PT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:01 EDT