Results 1 to 10 of 10

Thread: Oracle pentes with BT

  1. #1
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    5

    Default Oracle pentes with BT

    HI,

    I need to do a pentest for oracle on the lan so I looked and find only a tutorial on how to perform it with BT 2.0 does someone has a guide how to do it with BT 4.2?

    thanks a lot

    juan

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Oracle pentes with BT

    A pentest? Did someone hire you to do this?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    5

    Default Re: Oracle pentes with BT

    well a client hired me to to an internal pentest and I discovered 2 Oracle servers so I wanted to try to exploit them.

    why you are so surprised?



    any ideas which tools/metodology to use?

    Thanks

    J.

  4. #4
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Oracle pentes with BT

    He is not surprised he asked you a question.
    In a pentest you should only test what you were hired to test, so normally they would tell you what to focus on and what you should not tuch, so I'd think twice about those servers. However if he did also give you approval to test those 2 servers I would tell him to hire someone who with the appropriate knowledge.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  5. #5
    Junior Member
    Join Date
    Oct 2010
    Posts
    45

    Default Re: Oracle pentes with BT

    Now wait up. Evidently, "Juan" doesn't know what he's doing...but isn't that what this forum is for?

  6. #6
    Junior Member wh1t3fang's Avatar
    Join Date
    Nov 2010
    Location
    from the internet
    Posts
    75

    Default Re: Oracle pentes with BT

    What sickness is trying to say is that if someone dosent know what they are doing, they really shouldn't be taking on a job to test the security of someones network. The OP didn't really give too many details on what he is trying to do so i don't want to assume anything.
    wh1t3 fang

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Oracle pentes with BT

    Quote Originally Posted by sickness View Post
    He is not surprised he asked you a question.
    Actually, I was a little bit surprised

    Surprised specifically about the notion that someone who has been hired to perform a job would be coming here to ask for tutorials on how to do it. Not asking for help on some specific, niggling little detail about the job mind you, but essentially asking for links to a step by step reference to do the whole thing. Being asked that by someone who claims to be a professional pentester, as opposed to an enthusiast who wants to learn or a sysadmin who has been asked to expand their job description, makes me a little suspicious that someone is not being straight with me.

    But maybe Im just overly suspicious, so here goes with the tips... start by scanning the servers, find open ports and check for vulnerabilities. Dont forget vulnerabilities in the OS or other running services. Also search for details on each service to find details on how to attack it. Then see if you can obtain access via an SQL client - there are lots of things you can do from there. Can you bypass authentication or discover logon details by any of the normal authentication attacks? What abut interactions between those Oracle servers and other systems? Are there web front ends, are there db client apps? These could provide a way in for getting SQL access.

    David Litchfield has written a number of books on the subject which are good references, including the Database Hackers Handbook and the Oracle Hackers handbook (I have a copy of this signed by the author).
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  8. #8
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    5

    Default Re: Oracle pentes with BT

    ok I did find a hole in the server. I was able to broute force one of the users.

    thanks for the help from all of you especially to you lupin !

  9. #9
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default AW: Oracle pentes with BT

    Maybe I should just go out there and start to perform surgeries on people. I mean hey, I might be lucky and have success.
    Tiocfaidh ár lá

  10. #10
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: AW: Oracle pentes with BT

    Quote Originally Posted by KMDave View Post
    Maybe I should just go out there and start to perform surgeries on people. I mean hey, I might be lucky and have success.
    Which is exactly the way I see these threads. I mean would anyone hire an auto mechanic to build their house for them, instead of an actual carpenter?
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Similar Threads

  1. sql-injecting Oracle database
    By alizzz in forum Experts Forum
    Replies: 0
    Last Post: 01-06-2011, 02:49 PM
  2. is oracle installed in bt4
    By lio_013 in forum OLD BackTrack 4 General Support
    Replies: 0
    Last Post: 02-02-2010, 12:24 PM
  3. Oracle Instant Client
    By BadKarmaPR in forum OLD BT3beta Bugs and Fixes
    Replies: 1
    Last Post: 03-24-2008, 04:43 AM
  4. Oracle Security Presentation Help?
    By >Dart> in forum OLD BackTrack v2.0 Final
    Replies: 19
    Last Post: 03-17-2008, 08:24 PM
  5. purpose of /opt/oracle/instantclient_10_2
    By bofh1234 in forum OLD Newbie Area
    Replies: 3
    Last Post: 12-07-2007, 08:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •