RE: oracle database scanner



Ryan,

I have an Oracle (and SQL Server) pen testing presentation available
from my site:

http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf

tnsping.exe is available in the oracle client install

tnscmd is a perl script that will also poll for listeners and from the
output you can decipher the oracle DB version.

How to use tnscmd is outlined in my PPT, as well as how to decipher the
version #.

Have fun!

Best Regards,

- Mike Raggo

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Ryan Giobbi
Sent: Wednesday, December 01, 2010 9:09 PM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: oracle database scanner

Hello,

I'm looking for a scanner that can do remote connection to an Oracle
listener or the operating server running the database and pull as much
information about the Oracle patch level as possible. Ideally it'd be
command line or have an API. It doesn't have to be free.

I appreciate any suggestions.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------