Ihr Spezialist für komplexe IT-Systeme
Contact
|
Trademarks
|
impressum
Home
Services
System/Database-Administration
Databaseadministration
Software-development
Training
Company
Prices/Conditions
references
Links
Blog
Penetration-Tests of Oracle Products with Open Source Tools
Next
Penetration-Tests of Oracle Products with Open Source Tools
Frank
Berger
24. February 2004
Table of Contents
1. Introduction
1.1. The Scenario
1.2. The Methodology
2. Gather Information
2.1. Using nmap to Port Scan Oracle Products
2.2. Abuse the IFS or XML DB FTP-Server for FTP-Bounce Port Scans
2.3. Application Fingerprinting with amap
2.4. Customizing nmap
2.5. Using tnscmd.pl to talk to Oracle Listeners
3. Scan for Vulnerabilities
3.1. Installation and Configuration of the Nessus Server
3.2. Using the Windows Client of Nessus
3.3. Writing new Plugins for Nessus
4. Search for new Vulnerabilities (Fuzzing)
4.1. Using SpikeProxy to Fuzz Web-Pages
4.2. Fuzzing the Oracle SMTP Server
References / Linkz / Download
