OAT - Oracle Auditing Tools

The Oracle Auditing Tools is a toolkit that could be used to audit security within Oracle database servers.
The OAT uses CREATE LIBRARY to be able to access the WinExec function in the kernel32.dll in Windows or the system call in libc on Un*x. Having access to this function makes it possible to execute anything on the server with the same security context as the user who started the Oracle Service. So basicaly all accounts with default passwords, or easy guessable password, having this privelege can do this.
The OAT have a builtin TFTP server for making file transfers easy. The tftp server is based on the server source from www.gordian.com. The Tools are Java based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.

The toolkit consists of the following tools:
*OraclePWGuess - A dictionary attack tool that can be used with
usersupplied dictionaries or with the builtin support for finding default accounts.
*OracleQuery- A minimalistic command line based sql query tool.
*OracleSamDump – Connects to the Oracle server and executes TFTP get, to fetch the pwdump2 binary. The server is then pwdump2:ed and the result is returned to the SAM folder of the TFTP server.
*OracleSysExec – Can be run in interactive mode, letting the user specify commands to be executed by the server or in automatic mode. In automatic mode, netcat is tftpd over to the server and binds a shell to the tcp port 31337.
*OracleTNSCtrl - is used to query the TNS listener for various information, like the Oracle lsnrctl utility. It is somewhat limited though. Use the help command to see commands curently implemented.

http://www.cqure.net/tools/oat-source-1.3.1.zip (Source)
http://www.cqure.net/tools/oat-binary-1.3.1.zip (Binary)

hash krackin rss feed Subscribe in a reader

Copyright 2011 | All software listed is freeware unless otherwise stated. All software listed is property of the publisher. The software on this website may be reported by antivirus as malicious, however this can be disregarded due to the nature of these tools. Hash Krackin can not be held responsible for any of your actions performed by the resources of this website. Please contact the webmaster of any broken links or password cracker resources you would like featured on this site.