[Previous entry: "3 new papers on Oracle forensics"] [Next entry: "A new Oracle Security Apprentice?"]
Oracle Assessment Toolkit
April 9th, 2007 by PeteDavid has released an Oracle Assessment Toolkit on his website. This is a set of tools compiled into binaries that also include the C source code. The real gem is the fact that David has included a C source TNS library. The whole OAK zip is beta so dont expect everything to be perfect and complete, david has said he will complete it, let give him chance.
The kit includes a tool to get oracle versions (this can be seen in the OHH as well for explanations), a tool to enumerate users in a database without authenticating. A password brute force tool, a tool to retrieve the SID's from the listener, a tool to guess SID's and an example of the Jan 2006 CPU DB18 AUTH_ALTER_SESSION hack.
Worth downloading and also keeping an eye on for fixes and updates.
