
There are 63 visitors online
Services \| Portal \| White Papers \| Scripts \| Tools \| Newsletter \| Information \| Alerts \| Search \| Weblog / Forum \| What's New About Us Consulting Services Training Courses Oracle Security Research Database Policy Partners Products Careers Pete Finnigan Contact Details Events Oracle Security Database Security Database Software Security Web Development Programming Off Topic Oracle Security Oracle Security (Page 2) Others Ramblings Oracle Security Tips SQL and PL/SQL Unix Tools Audit Tools Default Password Checker Default Password List Oracle Security Scanner Subscribe Un-Subscribe Recent Newsletters Web Links Books Oracle Newsgroups Oracle Blogs Oracle news Feedback / Enquiries Guestbook Site Map Site Statistics WebLog Forum Security Issues Database What's New Register for Updates PeteFinnigan.com in the news

Pete Finnigan's Oracle security weblog

Home » Archives » July 2009 » Hacking Oracle made easy

[Previous entry: "The right way to secure Oracle slides available"] [Next entry: "Bypassing VPD through inference"]

Hacking Oracle made easy

July 24th, 2009 by Pete

Post to del.icio.us Post to Furl

Chris Gates will release and demonstrate a new version of metaploit at Black Hat to show how Oracle can be attacked and hacked remotely. The presentation will be followed by the release of this version of Metasploit. Chris Gates demonstrated some of the ideas in February and he posted a video about this at that time - i mentioned it here at the time also.

The tool automates the attack against Oracle by first brute forcing/guessing the SID, then username/password and then by running various exploits.

There is a nice article also on Reuters talking about the presentation called "Hacking Oracle's database will soon get easier"

There has been 2 Comments posted on this article

July 24th, 2009 at 03:31 pm

CG says:

its actually just some auxiliary modules not a new version of metasploit.

July 27th, 2009 at 08:56 am

Pete Finnigan says:

Thanks for your comment Chris; yes i appreciated that it was new auxiliary modules; my words were really meant to convey that you are releasing the modules and it sounded easier to say its a new version, so that readers appreciate the specific new modules and the specific target that is relevant here.

Thanks Chris

cheers

pete

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives

Oracle Security Step-by-Step (Version 2.0)

Home
Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security