Oracle Auditing

From: Joe T (recommendeddosage_at_gmail.com)
Date: 08/02/05

  • Next message: H D Moore: "Re: Security with USB Devices" 
    Date: Tue, 2 Aug 2005 11:54:33 -0400
To: pen-test@securityfocus.com

    Good day,

    I should preface this message by saying that I have little to no
    experience with Oracle administration, and I'm looking to gain a bit
    of information.

    When performing some network scans, I notice that the Oracle database
    rarely has a password set for the tnslsnr account. From the Nessus
    scan results, I have learned that the database may be compromised
    because of this null password. I've searched the web, and the majority
    of the information I find talks about a DoS attack for Oracle 8.

    My question becomes: Has anyone exploited this misconfiguration, and
    if so - how? Is this an account that you can connect to without
    expensive Oracle software?

    Also, what other tools do you utilize to audit Oracle?

    Thank you,

    Joe

    ------------------------------------------------------------------------------
    FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

    Learn the hacker's secrets that compromise wireless LANs. Secure your
    WLAN by understanding these threats, available hacking tools and proven
    countermeasures. Defend your WLAN against man-in-the-Middle attacks and
    session hijacking, denial-of-service, rogue access points, identity
    thefts and MAC spoofing. Request your complimentary white paper at:

    http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
    -------------------------------------------------------------------------------

  • Next message: H D Moore: "Re: Security with USB Devices"

    Relevant Pages

    • RE: Oracle Auditing
      ... I notice that the Oracle database ... FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't ... WLAN by understanding these threats, ...
      (Pen-Test)
    • Re: Oracle Auditing
      ... You can use this scripts/tools for Oracle pen-testing: ... I used Database Scanner but this product has been discontinued (I ... FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't ... WLAN by understanding these threats, ...
      (Pen-Test)
    • Multiple DBMS Support
      ... multiple DBMS (MS Access, SQL Server, Oracle, etc.). ... white paper, etc.) that describes "best practices" ...
      (microsoft.public.dotnet.general)
    • Re: PLSQL/TSQL
      ... Tom ... >I actually did a webcast and white paper on this very ... Between Oracle and SQL ... > I support the Professional Association for SQL Server ...
      (microsoft.public.sqlserver.programming)
    • RE: All of the things you need to learn to be a pen-tester (Re: Pen t est basic needs)
      ... U will probably need to "morphine" your evil apps before you run them on an AV protected machine - download morphine from hxdef.org; might as well pick up a copy of hf's rootkit while your there... ... FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't ... WLAN by understanding these threats, ...
      (Pen-Test)
    • Quantcast