RE: oracle database scanner

---

• From: "Raggo Michael-TCK748" <Mike.Raggo@xxxxxxxxxxxx>
• Date: Fri, 3 Dec 2010 18:21:41 -0500

---

Ryan,

I have an Oracle (and SQL Server) pen testing presentation available
from my site:

http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf

tnsping.exe is available in the oracle client install

tnscmd is a perl script that will also poll for listeners and from the
output you can decipher the oracle DB version.

How to use tnscmd is outlined in my PPT, as well as how to decipher the
version #.

Have fun!

Best Regards,

- Mike Raggo

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Ryan Giobbi
Sent: Wednesday, December 01, 2010 9:09 PM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: oracle database scanner

Hello,

I'm looking for a scanner that can do remote connection to an Oracle
listener or the operating server running the database and pull as much
information about the Oracle patch level as possible. Ideally it'd be
command line or have an API. It doesn't have to be free.

I appreciate any suggestions.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

---

• Follow-Ups:
  • Re: oracle database scanner
    • From: Wendel Guglielmetti Henrique

• References:
  • oracle database scanner
    • From: Ryan Giobbi

• Prev by Date: Re: Passive PenTesting
• Next by Date: Re: keyloggers
• Previous by thread: RE: oracle database scanner
• Next by thread: Re: oracle database scanner
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: ORDER BY sql injection help ... For oracle after an ORDER BY you can inject something like: ... I can also get ORA errors, so I know I have direct access to the SQL query. ... Information Assurance Certification Review Board ... (Pen-Test) Re: Oracle? ... Here is a good tutorial on pentesting Oracle with the tools provided ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ... (Pen-Test) Re: oracle database scanner ... Metasploit has a modules called oraenum which is designed to pull information from oracle systems. ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ... (Pen-Test) Re: oracle database scanner ... I'm looking for a scanner that can do remote connection to an Oracle ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ... (Pen-Test) RE: Profiling a Networks Infrastructure ... Subject: Profiling a Networks Infrastructure ... the specific oracle port with a banner read (and traceroute the whole ... output to XML and let nmap map it for you in the gui!) ... Information Assurance Certification Review Board ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2010-12