Sie befinden sich in den Archiven der Kategorie software.
| M | D | M | D | F | S | S |
|---|---|---|---|---|---|---|
| « Aug | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | |||
- 11g (11)
- Allgemein (29)
- David Litchfield (7)
- Exploit (21)
- Forensics (5)
- Oracle Security (95)
- passwords (8)
- Repscan (1)
- Security (21)
- Sentrigo (5)
- software (9)
- source code audit (5)
- SQL Injection (24)
- Tools (24)
- Trainings (2)
- Tutorial (2)
- 5 Aug 2010: Oracle Presentations from Blackhat 2010 Las Vegas are online
- 18 Apr 2010: Blackhat 2010 Presentation "Oracle, Interrupted: Stealing Sessions and Credentials" online
- 15 Apr 2010: New fast Oracle DES password cracker OPS_SSE2
- 14 Apr 2010: Oracle 11g R2 client trojan warning from Antivir
- 13 Apr 2010: Python Source for PLSQL Unwrapper posted
- 13 Apr 2010: Oracle CPU April 2010 is out
- 13 Apr 2010: Improve Oracle TDE with Intel AES-NI
- 12 Apr 2010: Man-in-the-Middle attacks at upcoming Black Hat Europe
- 9 Apr 2010: Oracle CPU April 2010 - Prerelease
- 8 Apr 2010: Cool Web Application Scanner: Netsparker Community Edition
Oracle Security
SQL Injection
- August 2010
- April 2010
- März 2010
- Februar 2010
- Januar 2010
- Dezember 2009
- November 2009
- Oktober 2009
- September 2009
- August 2009
- Juli 2009
- Mai 2009
- April 2009
- März 2009
- Februar 2009
- Januar 2009
- Dezember 2008
- November 2008
- Oktober 2008
- August 2008
- Juli 2008
- Mai 2008
- April 2008
- März 2008
- Februar 2008
- Januar 2008
- Dezember 2007
- November 2007
- Oktober 2007
- September 2007
- August 2007
- Juli 2007
- Juni 2007
- Mai 2007
Archiv der Kategorie software
Cool Web Application Scanner: Netsparker Community Edition
8 Apr 2010 von Alexander Kornbrust.
Today I want to present the Netsparker Community Edition.
Netsparker (from Mavituna Security) is the best web application scanner I know. Easy to use and a really good web application scanning results. It saved me a lot of time and helped me to find security bugs in Oracle applications (Enterprise Manager).
The best thing: The new community edition is free (OK, with some limitations).
The commercial versions have even more interesting features like Time Based Blind SQL Injection, Remote Code Injection, OS Level Command Injection , CRLF / HTTP Header Injection / Response Splitting, …. The entire feature (and price) list is available here.
Here is a screenshot from Netsparker:
If you are interested just download the community edition.
Geschrieben in software, Security, Allgemein | Drucken | Keine Kommentare »
New Repscan 3.0 is available
23 Feb 2010 von Alexander Kornbrust.
The latest version 3.0 of our database scanner Repscan is now available. This new version supports MS SQL Server and Oracle databases. Repscan comes with a large amount of new features and a complete new GUI (First database scanner with Office-2007 UI).
Here some of the new features of Repscan 3.0:
- Support for MS SQL Server (2000, 2005, 2008)
- Extremely user-friendly database configuration wizard (screenshot)
- Flexible tree control (re-group databases by status, hierarchy, …) (screenshot)
- Database security browser with drill down functionality (PDF, XLS, … export) (screenshot, screenshot)
- New reports (performance, used_features, …)
- Data Discovery (SSN, PII, Creditcard, Passwords, …)
- Database Enumeration (custom, NMap support) (screenshot)
- Pentest Features (Guess SID, Check default username/password combinations, …)
- Exploit & Code Library (screenshot)
- Version and Patch Information
- Skins
Here some (old) features of Repscan:
- Password plugin architecture
- Password plugins for Oracle DES, SHA1, OID, APEX, OVS
- Commandline features
- PL/SQL Source Code Analysis Report
Here some statements of Repscan 3.0 users:
“Repscan Rocks”, “I must have this tool.”, “Very cool stuff”, “really like the clean interface… checks are great”, “…tend to be more Oracle security information hub than just scanner :-)”
Over the next few weeks I will show here more details of some Repscan 3.0 features.
If you want to test Repscan 3.0 you can download it from our exclusive distributor Sentrigo
Geschrieben in software, Tools, source code audit, Security, Oracle Security, Allgemein | Drucken | Keine Kommentare »
SQLMap 0.7-1 released
26 Jul 2009 von Alexander Kornbrust.
Bernardo Damele has released a new version of his SQL Injection Tool SQLMap 0.7.1. This version comes with new features like support for Mac OSX, support of Metasploit wrapping functions plus several bugfixes (changelog).
Geschrieben in SQL Injection, software | Drucken | Keine Kommentare »
SQLMap 0.7 rc is out
23 Apr 2009 von Alexander Kornbrust.
Yesterday Bernardo Damele released sqlmap 0.7 rc1 for Linux. This new version of SQLMap was published at the Blackhat Europe and allows the execution of OS commands on SQL Server, MySQL and Postgres.
Oracle is not part of it but I am quite sure sooner or later the execution of Oracle commands will be supported as well…
The blackhat presentation “Advanced SQL injection to operating system full control” is also available for download.
Geschrieben in Tools, SQL Injection, software, Security | Drucken | 1 Kommentar »
Pangolin 2.0.2.820 with enhanced Oracle support
20 Apr 2009 von Alexander Kornbrust.
Zwell has posted an entry on Full Disclosure (FD) about a new version of Pangolin. This new version comes with an enhanced Oracle support
[…]
Sometimes we meet Oracle database when we do web sql injection testing. All we do is to dump some data in the db. But you know what? Actually, we can do more and more operation of it, just like:
1. Fast data dumping even cannot use union select
2. Dump server information like : db name, sid, real internet ip address, user list, user hash and so on.
3. Execute PL/SQL
4. Privilege escalation
5. Crack user password
6. Execute system command
7. Install oracle rootkit
8. and so many others
Maybe you could say it cannot execute multi-sql through a single query. Don’t worry. There is a demo at http://down2.nosec.org/swf/pangolin_oracle.html, you can watch it and learn a lot of things about Oracle sql injection.
[…]
Most of the stuff is not new… (at least not for me)
1. Fast data dumping even cannot use union select
==>usage of utl_http to get additional data. A faster way getting all results from multiple queries in a single query is described in a blog entry here.
utl_http is often revoked from public for security reasons. The usage of httpuritype is normally more reliable from the security perspective.
2. Dump server information:
==> via sys_context function. That’s standard Oracle functionality. Nothing special.
3. Execute PL/SQL
==> Pangolin is doing this via an exploit in dbms_export_extension. The bug in dbms_export_extension is old but this exploit was new for me…
4. Privilege escalation
==> I guess they are doing this via the exploit in dbms_export_extension
5. Crack (Oracle database) user password
==> Matrixay is doing this since several years.
6. Execute OS commands
==> several techniques (create table, dbms_scheduler, extproc, java, oracle text, plsql_native_9, plsql_native_10, set_events) are available to do this. Via PL/SQL this is easy to achieve…
7. Install Oracle rootkit
==> yeah. Simple via plsql
Maybe you could say it cannot execute multi-sql through a single query.
==> Stacked queries are not possible in Oracle. Correct me if I’m wrong. You are using a PL/SQL Injection vulnerability in a SQL function. This is a small but important difference.
BTW. :
The current version of Pangolin is using Openssl to crack Oracle passwords but not adding the Openssl license to pangolin. This is a license violation of the OpenSSL license…
Here is a screen shot of Pangolin 2.0 (taken from the flash movie from the pangolin website):

Geschrieben in Tools, SQL Injection, software | Drucken | 1 Kommentar »

