
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Hacking Oracle made easy



Chris Gates will release and demonstrate a new version of Metasploit at Black Hat to show how Oracle can be attacked and hacked remotely. The presentation will be followed by the release of this version of Metasploit. Chris Gates demonstrated some of the ideas in February and he posted a video about this at that time (http://it.toolbox.com/blogs/managing-infosec/hacking-oracle-with-metasploit-29936, broken link); I mentioned it here at the time also.

The tool automates the attack against Oracle by first brute forcing or guessing the SID, then the username and password, and then running various exploits.
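For defenders, the first stage described above (SID guessing) shows up in the listener log as a run of connections refused with TNS-12505. The following is an added example, not part of the original post or of Metasploit: it flags sources that try several unknown SIDs in a short time. The log lines are constructed, the text layout of listener.log is assumed, and the threshold and window are assumed values to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the text listener.log layout (assumed):
# timestamp * connect data * client address * event * SID * return code
SAMPLE_LOG = """\
24-JUL-2009 15:31:01 * (CONNECT_DATA=(SID=ORCL)(CID=(PROGRAM=)(HOST=ws1)(USER=app))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=40112)) * establish * ORCL * 0
24-JUL-2009 15:31:05 * (CONNECT_DATA=(SID=TEST)(CID=(PROGRAM=)(HOST=x)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.66)(PORT=51001)) * establish * TEST * 12505
24-JUL-2009 15:31:06 * (CONNECT_DATA=(SID=PROD)(CID=(PROGRAM=)(HOST=x)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.66)(PORT=51002)) * establish * PROD * 12505
24-JUL-2009 15:31:06 * (CONNECT_DATA=(SID=DEV)(CID=(PROGRAM=)(HOST=x)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.66)(PORT=51003)) * establish * DEV * 12505
24-JUL-2009 15:31:07 * (CONNECT_DATA=(SID=XE)(CID=(PROGRAM=)(HOST=x)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.66)(PORT=51004)) * establish * XE * 12505
24-JUL-2009 15:31:08 * (CONNECT_DATA=(SID=ORCL)(CID=(PROGRAM=)(HOST=x)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.66)(PORT=51005)) * establish * ORCL * 0
24-JUL-2009 15:40:00 * (CONNECT_DATA=(SID=ORCLL)(CID=(PROGRAM=)(HOST=ws2)(USER=dba))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.20)(PORT=40200)) * establish * ORCLL * 12505
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}) \* "
    r"\(CONNECT_DATA=.*?\(SID=(?P<sid>[^)]*)\).*?\) \* "
    r"\(ADDRESS=.*?\(HOST=(?P<host>[^)]+)\).*?\) \* "
    r"establish \* \S+ \* (?P<code>\d+)$"
)

def find_sid_guessing(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {source_host: sorted unknown SIDs} for sources that tried at
    least `threshold` distinct unknown SIDs (TNS-12505) within `window`."""
    failures = defaultdict(list)          # host -> [(time, sid), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["code"] != "12505":  # keep only "unknown SID" refusals
            continue
        ts = datetime.strptime(m["ts"].title(), "%d-%b-%Y %H:%M:%S")
        failures[m["host"]].append((ts, m["sid"].upper()))
    flagged = {}
    for host, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # distinct SIDs refused inside the window opening at this event
            sids = {s for t, s in events[i:] if t - start <= window}
            if len(sids) >= threshold:
                flagged[host] = sorted(sids)
                break
    return flagged

if __name__ == "__main__":
    print(find_sid_guessing(SAMPLE_LOG))
```

A single mistyped SID, like the one from 192.0.2.20 in the sample, stays below the threshold and is not flagged. The later username/password stage does not appear in the listener log; failed logons are recorded by database auditing instead.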

There is also a nice article on Reuters about the presentation, called "Hacking Oracle's database will soon get easier".

There have been 2 comments posted on this article


July 24th, 2009 at 03:31 pm

Pete Finnigan says:

It's actually just some auxiliary modules, not a new version of Metasploit.



July 27th, 2009 at 08:56 am

Pete Finnigan says:

Thanks for your comment Chris; yes, I appreciated that it was new auxiliary modules; my words were really meant to convey that you are releasing the modules, and it sounded easier to say it's a new version, so that readers appreciate the specific new modules and the specific target that is relevant here.

Thanks Chris

cheers

pete