Penetration Testing mailing list archives

Re: oracle tool

From: "James W. Abendschan" <jwa () jammed com>
Date: Thu, 7 Jun 2001 11:23:54 -0700 (PDT)

On Thu, 7 Jun 2001, Paulo Braga wrote:

Hello all!

Anybody have any tools to perform a brute-force atack on oracle databases? I
have use ISS Database Scanner but I want other tool on command line.


If you have access to the Oracle tools, it's fairly simple.  The sqlplus
command line client can be fed a username and password (either via the
environment or command line arguments, don't recall which); from there
it's easy to write a script to feed it a list of defaults
( http://www.phenoelit.de/dpl/dpl.html ) and display the results.

For something a little bit cleaner, you could roll a perl DBI + Oracle
grinder.  Unfortunately, you need the Oracle libraries to build & execute
the perl DBD driver.  (From what I recall, ISS Database Scanner has
a similar requirement.)

James, still looking for a reverse-engineered sqlnet implementation.

Current thread:

oracle tool Paulo Braga (Jun 07)
- Re: oracle tool Yvan Laverdiere (Jun 07)
- Re: oracle tool Talisker (Jun 07)
- Re: oracle tool James W. Abendschan (Jun 07)
  - Re: oracle tool Tom Vandepoel (Jun 08)
- Re: oracle tool spi (Jun 07)