The Oracle Auditing Tools is a toolkit that could be used to audit security within Oracle database servers.
The OAT use CREATE LIBRARY to be able to access the WinExec function in the kernel32.dll in Windows or the system call in libc on Un*x. Having access to this function makes it possible to execute anything on the server with the same security context as the user who started the Oracle Service. So basicaly all accounts with default passwords, or easy guessable password, having this privelege can do this.
The OAT have a builtin TFTP server for making file transfers easy. The tftp server is based on the server source from www.gordian.com. The Tools are Java based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.
The toolkit consists of the following tools:
OraclePWGuess – A dictionary attack tool that can be used with
usersupplied dictionaries or with the builtin support for finding default accounts.
OracleQuery– A minimalistic command line based sql query tool.
OracleSamDump – Connects to the Oracle server and executes TFTP get, to fetch the pwdump2 binary. The server is then pwdump2:ed and the result is returned to the SAM folder of the TFTP server.
OracleSysExec – Can be run in interactive mode, letting the user specify commands to be executed by the server or in automatic mode. In automatic mode, netcat is tftpd over to the server and binds a shell to the tcp port 31337.
OracleTNSCtrl – is used to query the TNS listener for various information, like the Oracle lsnrctl utility. It is somewhat limited though. Use the help command to see commands curently implemented.
Java Runtime Environment
http://www.javasoft.com or your favorite google query
Oracle JDBC Driver (classes111.zip or classes12.zip)
http://www.oracle.com or your favorite google query
CHANGES in 1.0.5
A few bugfixes, making it more reliable with Oracle 9. The possibility to supply a path to the tempdir.
CHANGES in 1.1.0
The password guessing is now done on all SIDs of the database. The SIDs enumeration should now be more reliable, Errors reported in a more readable form.
CHANGES in 1.1.1
Bugfixes in pwguessing code.
CHANGES in 1.2.0
Support for command execution on Solaris
OracleQuery – minimalistic commandline sql query tool
CHANGES in 1.3.0
Added support for manually specifying remote os when running (O)racle (S)ystem (E)exec.
CHANGES in 1.3.1
Extracted internal list of default accounts to accounts.default file.
Oracle Auditing Tools (OAT) were developed by Patrik Karlsson.