Database Reference
In-Depth Information
As a beta tester for McAfee Database Scanner, that has been my commercial tool of preference, largely because
the vulnerabilities are up to date thanks to their good research team. McAfee security scanning can be integrated in
the database monitoring tool, which makes reporting and management a lot easier. See the following URL:
http://www.mcafee.com/uk/products/security-scanner-for-databases.aspx
The generic attack process used by an attacker with a commercial scanner or their own tools is as follows:
1. Reconnaissance
2. Network mapping
3. Port scanning and banner-grabbing a host
4. Vulnerability identification
5. Exploitation
6. Privilege escalation
7. Rootkit installation
8. Hiding tracks
9. Monitoring
10. Using unauthorized privilege gained for benefit
Penetration Testing
If you would like to learn about pentesting Oracle, I suggest learning how to write your own scanner. I have done this
in Perl by putting together utilities that are freely available, such as nmap. Introducing the Perl Auditing Tool (PAT),
which scans a given Class C network on port 1521 to search for default accounts. The novel aspect is its ability to gain
the DB name by scraping the EM Database Control webpage for the DB SID and then to attempt defaults on that SID.
This is to be used only for auditing verification, not for nefarious purposes. Note that organizations will have internal
and external honeypots to catch unauthorized scanners. On the other side of the coin, it is a good idea to allow DBAs
to scan their network in order to verify compliance and licensing, so this can be used as an internal discovery tool. See
below for the code (available with the accompanying files at http://oraclesecurity.com/patv2.zip ). Play gently.
#!/usr/bin/perl
#Paul's Audit Tool - with thanks to many contributors!
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Response;
use URI::Heuristic;
use Crypt::SSLeay;

tnsping_it(@ARGV);

sub tnsping_it
{
    my ($TNSping);
    my $subnet = shift or die "Usage: pat.pl [network] e.g. pat.pl 192.168.1. $0 date\n";
    my $count=1;
    my @OraResult;
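The text above notes that organizations run honeypots to catch unauthorized scanners while DBAs may be allowed to scan for compliance. The following is an added example, not part of PAT or the book's accompanying files, showing how a defender could flag a Class C sweep of port 1521 in connection logs while exempting an authorized audit host. The log format, addresses, function names and thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not a real product's output):
#   2024-05-01T10:00:03 SRC=10.0.5.23 DST=192.168.1.7 DPT=1521
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\d+\.\d+\.\d+)\.(\d+) DPT=(\d+)$")

def find_listener_sweeps(lines, authorized=(), min_hosts=20, window_s=60, port=1521):
    """Map (src, /24 prefix) -> peak distinct listeners probed within window_s."""
    events = defaultdict(list)  # (src, prefix) -> [(time, last_octet)]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(5)) != port:
            continue
        ts, src, prefix, host = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if src in authorized:  # sanctioned DBA discovery/compliance scanner
            continue
        events[(src, prefix)].append((datetime.fromisoformat(ts), host))
    window = timedelta(seconds=window_s)
    alerts = {}
    for key, hits in events.items():
        hits.sort()
        best, start = 0, 0
        counts = defaultdict(int)  # host -> hits inside the current window
        for t, host in hits:
            counts[host] += 1
            while t - hits[start][0] > window:  # slide the window forward
                old = hits[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_hosts:  # many distinct hosts, not many hits on one host
            alerts[key] = best
    return alerts

def sample_log():
    """Constructed sample: a sweep, an authorized DBA audit host, one app server."""
    log = [f"2024-05-01T10:00:{i % 60:02d} SRC=10.0.5.23 DST=192.168.1.{i} DPT=1521"
           for i in range(1, 41)]
    log += [f"2024-05-01T11:00:{i:02d} SRC=10.0.9.10 DST=192.168.1.{i} DPT=1521"
            for i in range(1, 31)]
    log += ["2024-05-01T10:00:05 SRC=10.0.7.4 DST=192.168.1.20 DPT=1521"] * 50
    return log

if __name__ == "__main__":
    print(find_listener_sweeps(sample_log(), authorized={"10.0.9.10"}))
```

Counting distinct destination hosts rather than raw connections keeps a busy application server that talks to one listener from raising the alert.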
 