From: Pete Finnigan (plsql@peterfinnigan.demon.co.uk)
Date: Sun Oct 02 2005 - 17:08:49 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Massimo,
I have found that there are not many Oracle checks that come with nessus
compared to the number of issues that are known about Oracle. Quite a
lot of them also only get the version number from the listener to
establish if a vulnerability exists. I am not aware that any nessus
plug-in checks default users. There is a tool on my site at http://www.p
etefinnigan.com/default/default_password_checker.htm that can be used to
check default passwords. Someone mentioned Alex's checkpwd which is
excellent, you should also try out orabf from toolcrypt.org which flies
in brute force mode. There is an interesting thread about this tool
including some timings and analysis of its approach to brute force
attacks - http://www.petefinnigan.com/forum/yabb/YaBB.cgi?board=tools_fr
ee;action=display;num=1125314244 - beware URL wrap.
Patrik's tools are also excellent - http://www.cqure.net also the
Integrigy listener audit tool is excellent. Its at http://www.integrigy.
com/downloads/lsnrcheck.exe - Tim Gorman has some good shell scripts
that can be used to find Oracle databases on a server. Sorry cannot
remember the link, its on http://www.petefinnigan.com/tools.htm which
lists every free and commercial Oracle security tool I know of.
hth
Kind regards
Pete
In article <4338C558.5050706@quipo.it>, Massimo <massimo.mail@quipo.it>
writes
>Hi to all.
>
>Some day ago I was quite surprised to see that on a server that was
>scanned with nessus and with emaze scanner that revealed no relevant
>security hole, there was oracle installed and active with all the
>default oracle user/password activated (i.e. system/manager,
>scott/tiger, etc).
>
>What VA tool can find default user on oracle? Is it possible to find
>that info with Nessus (perhaps I can't use it at its best)?
>
>Best Regards,
> Massimo
>PS
>I usually activate all the check on nessus and emaze.
>
>------------------------------------------------------------------------------
>Audit your website security with Acunetix Web Vulnerability Scanner:
>
>Hackers are concentrating their efforts on attacking applications on your
>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>futile against web application hacking. Check your website for vulnerabilities
>to SQL injection, Cross site scripting and other web attacks before hackers do!
>Download Trial at:
>
>http://www.securityfocus.com/sponsor/pen-test_050831
>-------------------------------------------------------------------------------
>
- --
Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web Site: http://www.petefinnigan.com
Oracle Security Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBQ0BMYR8NhIrQBdnFEQJkWQCdHhR92CF29bWqcEwNVs9Gz8LgGRAAmgLl
k9HKCtlq0H6ff8o/ylrXmB6Y
=1ecJ
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:01 EDT