Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "3 new papers on Oracle forensics"] [Next entry: "A new Oracle Security Apprentice?"]

Oracle Assessment Toolkit

David has released an Oracle Assessment Toolkit on his website. This is a set of tools compiled into binaries that also include the C source code. The real gem is the fact that David has included a C source TNS library. The whole OAK zip is beta so dont expect everything to be perfect and complete, david has said he will complete it, let give him chance.

The kit includes a tool to get oracle versions (this can be seen in the OHH as well for explanations), a tool to enumerate users in a database without authenticating. A password brute force tool, a tool to retrieve the SID's from the listener, a tool to guess SID's and an example of the Jan 2006 CPU DB18 AUTH_ALTER_SESSION hack.

Worth downloading and also keeping an eye on for fixes and updates.