Metasploit 3.3, the leading exploit framework is out. Here an extract from the Metasploit blog:
„Oracle exploit support has been implemented through a tag-team effort between MC and Chris Gates, with assistance from Alexander Kornbrust. Oracle modules have been developed for exploiting TNS protocol stack and Web-based Oracle services, as well as post-authentication database-level privilege escalation flaws. “
Version 3.3. (release notes) is the largest known ruby application (375,000 lines of code) and comes with some new Oracle features
- Support for the Oracle InstantClient Ruby driver as an exploit mixin
- Extensive support for exploitation and post-exploitation tasks against Oracle databases
Have fun using Metasploit.