RE: Oracle DB Audity

From: Chris McNab (chris.mcnab_at_trustmatta.com)
Date: 03/25/04

    To: <pen-test@securityfocus.com>
    Date: Thu, 25 Mar 2004 12:25:11 -0000
    
    

    Hi,

    For Oracle you have a few remote options. I'm assuming you have remote IP
    access to the TNS Listener; if so, you can use tnscmd.pl to issue
    commands (if the default non-existent TNS Listener authentication model is
    in place), available from http://www.jammed.com/~jwa/hacks/security/tnscmd/.

    Oracle 8.1.7 is also susceptible to a remote COMMAND stack overflow
    (CVE-2001-0499) through the TNS Listener, and 8.1.6 and prior are
    susceptible to a file creation bug by changing the log_file variable on the
    server.

    One tool that nobody has mentioned is MetaCoretex
    (http://www.metacoretex.com), which has a bunch of neat features including:

    - TCP bounce port scanning through the Oracle database using UTL_TCP
    - Oracle SID enumeration
    - Various TNS Listener probes, security settings, status, etc.

    Of course, this info is all taken from my forthcoming ORA book
    (http://www.oreilly.com/catalog/networksa/) ;]

    Chris

    Chris McNab
    Technical Director

    Matta Consulting Limited
    18 Noel Street
    London W1F 8GN

    08700 77 11 00
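
Added example, not part of the original message: a defensive check of a listener.ora file for the two listener conditions the message mentions (no listener authentication, and the log_file variable being changeable on the server). It assumes a classic listener.ora where PASSWORDS_<listener> sets a listener password and ADMIN_RESTRICTIONS_<listener> = ON makes the listener refuse runtime SET commands; the sample file, listener names and host name are constructed.

```python
import re

ASSIGN = re.compile(r"\s*([A-Za-z_][\w.]*)\s*=\s*")

def top_level_params(text):
    """Return {NAME: raw value} for each assignment at parenthesis depth 0."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    params, pos = {}, 0
    while pos < len(text):
        m = ASSIGN.match(text, pos)
        if not m:                      # unparseable line: skip it
            nxt = text.find("\n", pos)
            if nxt == -1:
                break
            pos = nxt + 1
            continue
        depth, end = 0, m.end()
        # A value ends at the first newline seen outside all parentheses.
        while end < len(text) and not (text[end] == "\n" and depth == 0):
            depth += {"(": 1, ")": -1}.get(text[end], 0)
            end += 1
        params[m.group(1).upper()] = text[m.end():end].strip()
        pos = end
    return params

def audit_listener_ora(text):
    """Return (listener, parameter, reason) for each missing hardening setting."""
    params, findings = top_level_params(text), []
    for name, value in params.items():
        if not re.match(r"\(\s*(DESCRIPTION|ADDRESS)", value, re.I):
            continue                   # not a listener definition
        pw, ar = "PASSWORDS_" + name, "ADMIN_RESTRICTIONS_" + name
        if not params.get(pw, "").strip("() "):
            findings.append((name, pw, "no listener password configured"))
        if params.get(ar, "").upper() != "ON":
            findings.append((name, ar, "runtime SET (e.g. log_file) not blocked"))
    return findings

# Constructed sample: LISTENER is left at defaults, LSNR2 is hardened.
SAMPLE = """
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.test)(PORT = 1521)))
SID_LIST_LISTENER =
  (SID_LIST = (SID_DESC = (SID_NAME = ORCL)))
LSNR2 =
  (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.test)(PORT = 1522))
PASSWORDS_LSNR2 = (0123456789ABCDEF)   # constructed placeholder value
ADMIN_RESTRICTIONS_LSNR2 = ON
"""
```

`audit_listener_ora(SAMPLE)` reports both settings as missing for LISTENER and nothing for LSNR2.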
