You can use the beta version of DbDetective. It is in the early stages of development, but it does work. Download it from http://www.appsecinc.com/products/. It is a pen testing tools for Oracle - a small sample of what it does: - locates databases on the network even if they are not on the default port - determines the version of the database and listener service - brute forces the listener password - checks for default database passwords - enumerates database account - brute forces all database accounts found (including internal, sys as sysdba, etc...) - checks for known buffer overflows - checks for known denial of service accounts Any feedback on the product is appreciated. Regards, Aaron Newman CTO/Founder Application Security, Inc. www.appsecinc.com 212-490-6022 -Protection Where It Counts- -----Original Message----- From: pen-test-return-1101-aaron=newman-family.comat_private [mailto:pen-test-return-1101-aaron=newman-family.comat_private]O n Behalf Of Jason binger Sent: 03 October 2001 06:45 To: pen-testat_private Subject: Pen Testing an Oracle Database Does anyone have any command line equivalents of osql.exe for passing queries to an Oracle Database? Does anyone know of a decent brute force network password cracker for Oracle. Any other tools or techniques appreciated. Jason __________________________________________________ Do You Yahoo!? Listen to your Yahoo! Mail messages from any phone. http://phone.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 14:56:47 PDT