Sie befinden sich in den Archiven der Kategorie software.
| M | D | M | D | F | S | S |
|---|---|---|---|---|---|---|
| « Mai | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 | |||
- 10.2.0.4 (1)
- 11g (3)
- Allgemein (10)
- checkpwd (4)
- CPUApr2008 (3)
- CPUJan2008 (2)
- CPUJul2007 (3)
- CPUOct2007 (1)
- Database Vault (1)
- David Litchfield (4)
- Exploit (4)
- Forensics (3)
- Inguma (2)
- MacOS (1)
- Mary Ann (1)
- Oracle (2)
- Oracle Security (45)
- passwords (3)
- Podcast (1)
- rootkits (1)
- Security (9)
- Security Book (1)
- Sentrigo (1)
- software (2)
- Source Code Analysis (1)
- source code audit (3)
- SQL Injection (4)
- Trainings (1)
- 8 Mai 2008: Checkpwd 1.23 for MacOS Intel native released
- 16 Apr 2008: Oracle CPU April 2008 - Update
- 15 Apr 2008: Oracle Critical Patch Update April 2008 is out
- 11 Apr 2008: Looking Glass and Oracle 11g
- 11 Apr 2008: Oracle Critical Patch Update Pre-Release Announcement - April 2008
- 4 Mrz 2008: We proudly present: Anna Marie Kornbrust
- 4 Mrz 2008: Corba Exploit for VisiBroker published
- 25 Feb 2008: Oracle Patchset 10.2.0.4 is out
- 31 Jan 2008: First exploits for CPUJan2008 published
- 15 Jan 2008: Oracle Patch CPU January 2008 is out...
Archiv der Kategorie software
Inguma - Free Oracle Penetration Toolkit from Joxean Koret
20 Okt 2007 von Alexander Kornbrust.
Joxean Koret released version 0.05 of his free penetration toolkit called Inguma. This tool is also implementing an exploit for one of the bugs (LT.FINDRICSET) fixed in the October 2007 CPU.
The name Inguma is coming from the basque god of dreams who kills people while sleeping and, also, the one who make the nightmares.
Inguma, written in Phython, supports different systems (e.g. Oracle, SQL Server, SSH, Firewalls). The following features are Oracle specific:
* Added one exploit for the vulnerability in SYS.LT.FINDRICSET (Oracle CPU Oct. 2007).
* Added module “bruteora” to brute force Oracle servers. It will check
for every (commonly) possible user or for an specified user.
* Added a tool to crack MD5 hashes using freely available rainbow tables.
* Added module “sidguess” to guess the SID of an Oracle Database instance.
* Added a password cracker for Oracle11g.
* Enhanced the Oracle PL/SQL Fuzzer. Now, if you redirect the output
only the vulnerabilities found are logged, all the rest of the output
are written to stderr.
Here a screenshot from the tool on my Backtrack 2 system:

Well done Joxean.
Geschrieben in Inguma, software, Oracle Security, Allgemein | Keine Kommentare »
GOSS - GUI Oracle scanner
14 Okt 2007 von Alexander Kornbrust.
From time to time I’m doing research on Russian websites (with Google Translate) because you can find interesting information and tools. Last week I found a small program Oracle scanner called goss a GUI Oracle Scanner.

This tools contains features like getting the SID (similar to sidguess), password guessing, retrieve password hashes from the database, …

The output is displayed in a new window.

Some of the features in this tool where not working properly against my test databases.
Geschrieben in software, Security, Oracle Security, Allgemein | Keine Kommentare »