Oracle Enumeration
> oracsec (http://www.woany.co.uk/oracsec/)
> Repscan (http://www.red-database-security.com/)
> Sidguess (http://www.red-database-security.com/)
> Scuba (http://www.imperva.com/products/scuba.html)
> WinSID (http://www.vulnerabilityassessment.co.uk/WinSID.zip)
> Oracle default password list (http://www.vulnerabilityassessment.co.uk/default_oracle_passwords.htm)
> TNSVer (http://www.ngssoftware.com/)
tnsver host [port]
> TCP Scan (http://www.vulnerabilityassessment.co.uk/tcp_scan.htm)
> Oracle TNSLSNR (http://www.dokfleed.net/duh/modules.php?name=News&file=article&sid=35)
Will respond to: [ping] [version] [status] [service] [change_password] [help] [reload] [save_config] [set log_directory] [set display_mode] [set log_file] [show] [spawn] [stop]
> TNSCmd (http://www.jammed.com/~jwa/hacks/security/tnscmd/tnscmd)
perl tnscmd.pl -h ip_address
perl tnscmd.pl version -h ip_address
perl tnscmd.pl status -h ip_address
perl tnscmd.pl -h ip_address --cmdsize (40 - 200)
> LSNrCheck (http://www.integrigy.com/security-resources/downloads/lsnrcheck-tool/)
> Oracle Security Check (needs credentials) (http://www.ensyncsolutions.com/downloads.html)
> OAT (http://www.cqure.net/wp/)
sh opwg.sh -s ip_address
opwg.bat -s ip_address
sh oquery.sh -s ip_address -u username -p password -d SID
c:\oquery -s ip_address -u username -p password -d SID
> OScanner (http://www.cqure.net/wp/)
sh oscanner.sh -s ip_address
oscanner.exe -s ip_address
sh reportviewer.sh oscanner_saved_file.xml
reportviewer.exe oscanner_saved_file.xml
> NGS Squirrel for Oracle (http://www.ngssoftware.com/squirrelora.htm)
> Service Register (http://www.ngssoftware.com/)
Service-register.exe ip_address
> PLSQL Scanner 2008 (http://www.red-database-security.com/software/plsqlscanner.html)
Oracle Brute Force
> OAK (http://www.databasesecurity.com/dbsec/OAK.zip)
ora-getsid hostname port sid_dictionary_list
ora-auth-alter-session host port sid username password sql
ora-brutesid host port start
ora-pwdbrute host port sid username password-file
ora-userenum host port sid userlistfile
ora-ver -e (-f -l -a) host port
> breakable (Targets Application Server Port) (http://www.ngssoftware.com/)
breakable.exe host url [port] [v]
host: ip_address of the Oracle Portal Server
url: PATH_INFO i.e. /pls/orasso
port: TCP port Oracle Portal Server is serving pages from
v: verbose
> SQLInjector (Targets Application Server Port) (http://www.ngssoftware.com/)
sqlinjector -t ip_address -a database -f query.txt -p 80 -gc 200 -ec 500 -k NGS SOFTWARE -gt SQUIRREL
sqlinjector.exe -t ip_address -p 7777 -a where -gc 200 -ec 404 -qf q.txt -f plsql.txt -s oracle
> Check Password (http://www.red-database-security.com/)
> orabf (http://freeworld.thc.org/thc-orakel/)
orabf [hash]:[username] [options]
> thc-orakel
Cracker
Client
Crypto
> DBVisualisor (http://www.codework.com/dbvis/product.html)
SQL scripts from pentest.co.uk (http://www.pentest.co.uk/)
Manual SQL input of previously reported vulnerabilities