Call: +44 (0)7759 277220 Call
Forum

Welcome, Guest. Please Login.
Nov 23rd, 2024, 7:48pm
News: If you would like to register contact the forum admin
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Oracle Security
   Oracle Security tools
(Moderator: Pete Finnigan)
   Oracle password cracker written in PL/SQL
« Previous topic | Next topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: Oracle password cracker written in PL/SQL  (Read 34977 times)
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Oracle password cracker written in PL/SQL
« on: Oct 1st, 2008, 9:39am »
Quote | Modify

Hi Guys,  
 
I have just released a free Oracle password cracker written completely in PL/SQL on my website. The reason for doing this is to try and encourage people to "test" passwords for strength in their own databases. I am not seeing any real improvements in password strength generally across the industry over the last 8 years.  
 
It is not the intention to replace the fast C based crackers such as woraauthbf but instead to suppliment it. In my experience I find that people have not covered the bases yet, that is they still have passwords set to usernames, passwords set to defaults and also extremely weak passwords.  
 
I often suggest to people to download binary based crackers but there is often a reticence to do this. Hence I decided to create a PL/SQL based one. This way there is no excuse, its a SQL script that can be run in SQL*Plus and also its going to find the core issues anyway before you need a faster cracker.  
 
Some details on how it works and what it does are included in the page http://www.petefinnigan.com/oracle_password_cracker.htm for the cracker. You can also download it from the same page.  
 
hope its useful  
 
cheers  
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #1 on: Oct 29th, 2008, 8:46pm »
Quote | Modify

We just ran your latest version of this tool in a non-production instance.  We have 247 accounts and it took about 5 hours for the script to run.  We had a few accounts cracked with default passwords (which we'll change!) but no cracks for dictionary words or through brute force.  Are the dictionary words used for the dictionary crack attempt limited to the 47 words in the script?  What about the brute force crack; how is that working?  Would you recommend pointing to an extenal dictionary file with compiled hashes for both dictionary and brute force crack attempts?  Thanks!
 
 
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #2 on: Nov 5th, 2008, 4:40pm »
Quote | Modify

Hi,
 
Sorry for the delay, I have been working abroad for the last few days.
 
The dictionary included with the cracker is simple. You can easily extend it using any dictionary you can find on the net. An alternate solution is to read in the dictionary from a table in the database.  
 
Pre-compiling hashes is not really practical in this case. That is what rainbow tools do in essence.
 
The brute force is only to 4 characters and that part is what took the most of your five hours. This tool is no where near as fast as tools such as woraauthbf and it is not intended to be as I have stated previously the main focus of this tool is to get people to find the basics, i.e. password=username, password=default, password=dictionary word. It is intended to get people to do the checks without the need of a binary tool. You should, once you have started the process with this cracker at some point move to a much faster tool such as woraauthbf.
 
You can change the brute force by changing the number of characters it brute forces to.
 
hope this helps
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #3 on: Nov 13th, 2008, 12:05pm »
Quote | Modify

Hi,
 
I tried to use this cracker but I had some errors from SQLPLUS :  
 
SQL> start cracker-v2.0.sql
      from sys.user$
     *
ERROR at line 295:
ORA-06550: line 295, column 12:
PL/SQL: ORA-00942: table or view does not exist
ORA-06550: line 289, column 3:
PL/SQL: SQL Statement ignored
ORA-06550: line 305, column 7:
PLS-00364: loop index variable 'LV_USER' use is invalid
ORA-06550: line 305, column 4:
PL/SQL: Statement ignored
ORA-06550: line 310, column 7:
PLS-00364: loop index variable 'LV_USER' use is invalid
ORA-06550: line 310, column 4:
PL/SQL: Statement ignored
ORA-06550: line 330, column 8:
PLS-00364: loop index variable 'LV_USER' use is invalid
ORA-06550: line 330, column 4:
PL/SQL: Statement ignored
ORA-06550: line 334, column 32:
PLS-00364: loop index variable 'LV_USER' use is invalid
ORA-06550: line 334, column 4:
PL/SQL: Statement ignored
ORA-06550: line 335, column 36:
PLS-00364: loop index variable 'LV_USER' use is invalid
ORA-06550: line 335, column 4:
PL/SQL: Statement ignored
 
is it due to my version ? :  
 
Oracle9i Release 9.2.0.1.0 - Production
PL/SQL Release 9.2.0.1.0 - Production
CORE    9.2.0.1.0  Production
TNS for Linux: Version 9.2.0.1.0 - Production
NLSRTL Version 9.2.0.1.0 - Production
 
Regard
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #4 on: Nov 24th, 2008, 9:42am »
Quote | Modify

Hi,
 
could you help me please ?
 
regards
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #5 on: Nov 24th, 2008, 10:37am »
Quote | Modify

Hi,  
 
Thanks for your post. Sorry for the delay, I have been working abroad and had no internet access.
 
The problem is simply permissions. Normally, you only need two permissions to run this cracker, this is CREATE SESSION and also SELECT on SYS.USER$:
 
SQL> select * from user_role_privs;
 
no rows selected
 
SQL> select * from user_sys_privs;
 
USERNAME        PRIVILEGE       ADM
------------------------------ ---------------------------------------- ---
CRACKER    CREATE SESSION       NO
 
1 row selected.
 
SQL> select * from user_tab_privs;
 
GRANTEE    OWNER
------------------------------ ------------------------------
TABLE_NAME      GRANTOR
------------------------------ ------------------------------
PRIVILEGE       GRA HIE
---------------------------------------- --- ---
CRACKER    SYS
USER$      SYS
SELECT          NO  NO
 
 
1 row selected.
 
SQL> @cracker-v2.0.sql
cracker: Release 1.0.4.0.0 - Beta on Mon Nov 24 10:32:51 2008
Copyright (c) 2008 PeteFinnigan.com Limited. All rights reserved.
 
T Username   Password     CR FL STA
=======================================================
 
U "SYS"      [ORACLE1   ] DI CR OP
U "SYSTEM"   [ORACLE1   ] DI CR OP
U "OUTLN"    [OUTLN     ] DE CR EL
U "DIP"      [DIP       ] DE CR EL
U "TSMSYS"   [TSMSYS    ] PU CR EL
U "ORACLE_OCM"    [ORACLE_OCM     ] PU CR EL
U "XDB"      [CHANGE_ON_INSTALL   ] DE CR EL
R "GLOBAL_AQ_USER_ROLE [GL-EX {GLOBAL} ] GE CR OP
U "DBSNMP"   [ORACLE1   ] DI CR OP
U "WMSYS"    [WMSYS     ] DE CR EL
U "EXFSYS"   [EXFSYS    ] DE CR EL
U "CTXSYS"   [CHANGE_ON_INSTALL   ] DE CR EL
U "XS$NULL"  [     ] -- -- EL
U "ANONYMOUS"     [IMP {anonymous}     ] IM CR EL
R "SPATIAL_WFS_ADMIN"  [SPATIAL_WFS_ADMIN   ] PU CR OP
U "ORDSYS"   [ORDSYS    ] DE CR EL
U "ORDPLUGINS"    [ORDPLUGINS     ] DE CR EL
U "SI_INFORMTN_SCHEMA" [SI_INFORMTN_SCHEMA  ] DE CR EL
U "MDSYS"    [MDSYS     ] DE CR EL
U "OLAPSYS"  [     ] -- -- EL
U "MDDATA"   [MDDATA    ] DE CR EL
U "HR"       [CHANGE_ON_INSTALL   ] DE CR EL
U "SPATIAL_WFS_ADMIN_U [SPATIAL_WFS_ADMIN_US] PU CR EL
R "WFS_USR_ROLE"  [WFS_USR_ROLE   ] PU CR OP
R "SPATIAL_CSW_ADMIN"  [SPATIAL_CSW_ADMIN   ] PU CR OP
U "SPATIAL_CSW_ADMIN_U [SPATIAL_CSW_ADMIN_US] PU CR EL
R "CSW_USR_ROLE"  [CSW_USR_ROLE   ] PU CR OP
U "WKSYS"    [CHANGE_ON_INSTALL   ] DE CR EL
U "WKPROXY"  [CHANGE_ON_INSTALL   ] DE CR EL
U "WK_TEST"  [WK_TEST   ] DE CR EL
U "SYSMAN"   [ORACLE1   ] DI CR OP
U "MGMT_VIEW"     [     ] -- -- OP
U "FLOWS_FILES"   [     ] -- -- EL
U "APEX_PUBLIC_USER"   [     ] -- -- EL
U "FLOWS_030000"  [     ] -- -- EL
U "OWBSYS"   [OWBSYS    ] PU CR EL
R "OWB$CLIENT"    [S    ] BF CR OP
R "OWB_DESIGNCENTER_VI [S    ] BF CR OP
U "SCOTT"    [TIGER     ] DE CR EG
U "AB"       [AB   ] PU CR OP
U "OE"       [CHANGE_ON_INSTALL   ] DE CR EL
U "IX"       [CHANGE_ON_INSTALL   ] DE CR EL
U "SH"       [CHANGE_ON_INSTALL   ] DE CR EL
U "PM"       [CHANGE_ON_INSTALL   ] DE CR EL
U "BI"       [CHANGE_ON_INSTALL   ] DE CR EL
U "PETE"     [PETE      ] DE CR OP
U "BILL"     [BILL      ] PU CR OP
U "A"   [A    ] PU CR OP
U "B"   [B    ] PU CR OP
U "C"   [C    ] PU CR OP
U "RES_TEST"      [RES_TEST  ] PU CR OP
U "XX"       [123456    ] DI CR OP
U "ORASCAN"  [ORASCAN   ] PU CR OP
U "IMPOSS"   [IMP {imposs123456789] IM CR OP
U "D"   [     ] -- -- OP
U "P1"       [P1   ] PU CR OP
U "P2"       [P2   ] PU CR OP
U "CRACKER"  [CRACKER   ] PU CR OP
 
 
INFO: Number of crack attempts = [59963]
INFO: Elapsed time = [4.24 Seconds]
INFO: Cracks per second = [14140]
 
PL/SQL procedure successfully completed.
 
SQL>
 
So simply do:
 
GRANT SELECT ON SYS.USER$ TO {USER} and
GRANT CREATE SESSION TO {USER}
 
Hope this helps
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #6 on: Dec 2nd, 2008, 3:48pm »
Quote | Modify

Hi Pete,
 
it's the heart of my problem !!
my privileges are insufficient, this the reason why I would like to find admin password !! It's an old DB and I would like to delete undotbs1 because of its size > 10Go. Manufacturer does not maintain this system but it have to work yet !!
 
SQL>  GRANT SELECT ON SYS.USER$ TO ab_svr;
 GRANT SELECT ON SYS.USER$ TO ab_svr
      *
ERROR at line 1:
ORA-00942: table or view does not exist
 
 
SQL>  GRANT CREATE SESSION TO ab_svr;
 GRANT CREATE SESSION TO ab_svr
*
ERROR at line 1:
ORA-01031: insufficient privileges
 
thank
 
Fabrice
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #7 on: Dec 3rd, 2008, 10:20pm »
Quote | Modify

What privileges do you have ?
Someone (presumably) has access to the server the database is running on and can log in as oracle and connect with the / AS SYSDBA syntax.
Once that's done they can reset the password.
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #8 on: Dec 8th, 2008, 9:34am »
Quote | Modify

Hello Pete,
 
My privileges are : (from DBA_TAB_PRIVS)
 
GRANTEE : ab_svr
OWNER : ab_admin (I have an access to ab_admin)
TABLE_NAME : several  
GRANTOR : ab_static or ab_admin (I have an access too)
PRIVILEGE : SELECT, INSERT,UPDATE,DELETE.
 
Could you explain me the way to use / AS SYSDBA ??
 
Thank again
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #9 on: Dec 8th, 2008, 10:21pm »
Quote | Modify

System privileges would be more useful than tab privilieges. For example, if you have the ALTER USER system privilege you can simply reset the password (using ALTER USER).
To connect using "/ AS SYSDBA", log on to the server that the database is running on as the oracle user. If you don't have that password, the system administrator should be able to log in as root and change it. If it is a Windows server, a user with administrator privileges should work too.
Then, from a command prompt, try  
sqlplus / as sysdba
That assumes there's only one instance running on that database.
As you can understand, a typical oracle user should NOT be able to access/change/crack passwords.  
 
That isn't to say that they can't (especially if patching has been neglected), but the legitimate DBA should have more direct official routes to get things done.
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #10 on: Apr 27th, 2009, 4:07pm »
Quote | Modify

hey,
Question n°1:plz what is the meaning of  PU CR OP BF EL DI .
 
Question n°2:i would like to post the result of your script in HTML page ,how can i do ?
 
thx .
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #11 on: Apr 27th, 2009, 9:21pm »
Quote | Modify

Hi,
 
PU = Password equals Username, i..e the password was cracked like this
CR = Cracked - I added this to post process with awk
OP = Open account status
BF = Brute Force - i.e. the password was cracked in brute force mode
EL = Expired Locked - its an account status
DI = Dictionary - it means that the password was cracked using a dictionary word.
 
HTML:- The easiest way would be to modify the output statements in the PL/SQL to output a HTML table.
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #12 on: May 28th, 2009, 6:33am »
Quote | Modify

Hi Pete,
 
I downloaded versions 1.4, 1.3 and 1.2. Version 1.4 is giving errors as below. BEGIN :debugv := 'OFF'; END;
 
*
ERROR at line 1:
ORA-06502: PL/SQL: numeric or value error: character string buffer too small
ORA-06512: at line 1
 
Version 1.3 does not give errors so I used that instead.
 
BTW, you mentioned another password checker, woraauthbf, can that be run as is as well, i.e. like running a UNIX script or a PL/SQL script.
 
Finally, does your copyright prohibit wrap(ping) your password cracker to a .plb 'coz the PL/SQL is readable in plain text. Incidentally, I tried a sample PL/SQL file and run a wrap on it then run the strings command and I can see the code in plain text so probably not something worth doing. In any case, may I obtain permission to convert the PL/SQL file into some binary form that can be executed from within SQL*Plus, at the moment, only know of using wrap.
 
Thanks in advance.
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Oracle password cracker written in PL/SQL
« Reply #13 on: May 28th, 2009, 9:37am »
Quote | Modify

Hi,
 
Thanks for your post. I found this a strange one. I ran this on my own 11.1.0.7 database and it works fine:
 
Connected to:
Personal Oracle Database 11g Release 11.1.0.7.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
 
SQL> @cracker-v2.0.sql
cracker: Release 1.0.4.0.0 - Beta on Thu May 28 09:02:58 2009
Copyright (c) 2008 PeteFinnigan.com Limited. All rights reserved.
 
T Username   Password     CR FL STA
=======================================================
 
U "SYS"      [ORACLE1   ] DI CR OP
U "SYSTEM"   [ORACLE1   ] DI CR OP
U "OUTLN"    [OUTLN     ] DE CR EL
...
 
I did investigate the code though and there is an issue with the variable debugv being varchar2(2) whereas it should be length 3 to accomodate the word 'OFF'. I have fixed the code and updated the zip to version 1.5. The new code is available from http://www.petefinnigan.com/oracle_password_cracker.htm .
 
You cannot wrap a SQL*Plus script; you can only wrap database objects such as PROCEDURES, FUNCTIONS, PACKAGES {BODY}, TYPE {BODY}.  This is why it didnt work. Also if you want to wrap it then wrap the testpwd.sql code available from http://www.petefinnigan.com/tools.htm as that is intended to be installed in the database BUT you will need to feed it with passwords.  
 
Yes worauthbf by Laszlo is a cracker witten in C. There is a link on my tools page or in the blog. It is a binary. I wrote the PL/SQL script because people had issues using binaries in their organisations.
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pages: 1  Reply | Notify of replies | Send Topic | Print

« Previous topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board
  • PFCLScan PFCLScan

    Simply connect PFCLScan to your Oracle database and it will automatically discover the security issues that could make your Oracle database vulnerable to attack and to the potential loss of your data.

  • PFCL Obfuscate PFCLObfuscate

    PFCLObfuscate is the only tool available that can automatically add license controls to your PL/SQL code. PFCLObfuscate protects your Intellectual Property invested in your PL/SQL database code.

  • PFCLCode PFCLCode

    PFCLCode is a tool to allow you to analyse your PL/SQL code for many different types of security issues. PFCLCode gives you a detailed review and reports and includes a powerful colour syntax highlighting code editor

  • PFCLForensics PFCLForensics

    PFCLForensics is the only tool available to allow you to do a detailed live response of a breached Oracle database and to then go on and do a detailed forensic analysis of the data gathered.

  • Products We resell PFCLReselling

    PeteFinnigan.com Limited has partnered with a small number of relevant companies to resell their products where they enhance or compliment what we do

  • PFCLATK PFCLATK

    PFCLATK is a toolkit that allows detailed pre-defined policy driven audit trails for your Oracle database. The toolkit also provides for a centralised audit trail and centralised activity reporting

  • PFCLCookie PFCLCookie

    PFCLCookie is a useful tool to use to audit your websites for tracking cookies. Scan websites in a natural way using powerful browser driven scanner

  • PFCL Training PFCLTraining

    PFCLTraining is a set of expert training classes for you, aimed at teaching how to audit your own Oracle database, design audit trails, secure code in PL/SQL and secure and lock down your Oracle database.

  • PFCL Services PFCLServices

    Choose PFCLServices to add PeteFinnigan.com Ltd to your team for your Oracle Security needs. We are experts in performing detailed security audits, data security design work and policy creation

  • PFCLConsulting PFCLConsulting

    Choose PFCLConsulting to ask PeteFinnigan.com Limited to set up and use our products on your behalf

  • PFCLCustom PFCLCustom

    All of our software products can be customised at a number of levels. Choose this to see how our products can be part of your products and services

  • PFCLCloud PFCLCloud

    Private cloud, public cloud, hybrid cloud or no cloud. Learn how all of our services, trainings and products will work in the cloud

  • PFCLUserRights PFCLUserRights

    PFCLUserRights allows you to create a very detailed view of database users rights. The focus of the reports is to allow you to decide what privileges and accounts to keep and which to remove.

  • PFCLSTK PFCLSTK

    PFCLSTK is a toolkit application that allows you to provide database security easily to an existing database. PFCLSTK is a policy driven toolkit of PL/SQL that creates your security

  • PFCLSFTK PFCLSFTK

    PFCLSFTK is a toolkit that solves the problem of securing third party applications written in PL/SQL. It does this by creating a thin layer between the application and database and this traps SQL Injection attempts. This is a static firewall.

  • PFCLSEO PFCLSEO

    PFCLSEO is a web scanner based on the PFCLScan technology so that a user can easily scan a website for technical SEO issues