Oracle Auditing Tools

The Oracle Auditing Tools (OAT) is a toolkit that can be used to audit security within Oracle database servers.

The OAT uses CREATE LIBRARY to gain access to the WinExec function in kernel32.dll on Windows, or the system call in libc on Un*x. Access to this function makes it possible to execute anything on the server in the same security context as the user who started the Oracle service. So basically, any account with a default or easily guessable password that holds this privilege can do this.
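A DBA can check how exposed a server is to this by listing who holds the library-creation privileges and which library objects already point at the OS libraries named above. The queries below are an added example, not part of the OAT; they assume a session with SELECT access to the standard DBA_* data dictionary views.

```sql
-- Run as a DBA (needs SELECT on the DBA_* dictionary views).

-- 1. Users and roles granted a library-creation privilege directly.
--    A grant to PUBLIC shows up here and applies to every account.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE LIBRARY', 'CREATE ANY LIBRARY')
ORDER  BY grantee, privilege;

-- 2. Database accounts that hold the privilege directly or through
--    any chain of nested roles, with their lock/expiry status.
WITH lib_grantees AS (
  SELECT DISTINCT grantee
  FROM   dba_sys_privs
  WHERE  privilege IN ('CREATE LIBRARY', 'CREATE ANY LIBRARY')
)
SELECT u.username, u.account_status
FROM   dba_users u
WHERE  u.username IN (
         SELECT grantee FROM lib_grantees
         UNION
         -- walk role grants downward from each privileged role
         SELECT grantee
         FROM   dba_role_privs
         START WITH granted_role IN (SELECT grantee FROM lib_grantees)
         CONNECT BY PRIOR grantee = granted_role
       )
ORDER  BY u.username;

-- 3. Existing library objects mapped to the OS libraries named above.
SELECT owner, library_name, file_spec, status
FROM   dba_libraries
WHERE  LOWER(file_spec) LIKE '%kernel32%'
   OR  LOWER(file_spec) LIKE '%libc%'
ORDER  BY owner, library_name;
```

Accounts returned by the second query that are OPEN and still use a default or weak password are the ones to lock, re-key, or strip of the privilege first.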

The OAT has a built-in TFTP server to make file transfers easy. The TFTP server is based on the server source from

The tools are Java based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.

The toolkit consists of the following tools:

OraclePWGuess – A dictionary attack tool that can be used with user-supplied dictionaries or with the built-in support for finding default accounts.

OracleQuery – A minimalistic command-line SQL query tool.

OracleSamDump – Connects to the Oracle server and executes TFTP get, to fetch the pwdump2 binary. The server is then pwdump2:ed and the result is returned to the SAM folder of the TFTP server.

OracleSysExec – Can be run in interactive mode, letting the user specify commands to be executed by the server, or in automatic mode. In automatic mode, netcat is transferred to the server over TFTP and binds a shell to TCP port 31337.

OracleTNSCtrl – Used to query the TNS listener for various information, like the Oracle lsnrctl utility. It is somewhat limited though. Use the help command to see the commands currently implemented.


Java Runtime Environment, or your favorite Google query

Oracle JDBC Driver, or your favorite Google query

CHANGES in 1.0.5
A few bugfixes, making it more reliable with Oracle 9. The possibility to supply a path to the tempdir.

CHANGES in 1.1.0
Password guessing is now done on all SIDs of the database. SID enumeration should now be more reliable. Errors are reported in a more readable form.

CHANGES in 1.1.1
Bugfixes in pwguessing code.

CHANGES in 1.2.0
Support for command execution on Solaris

OracleQuery – minimalistic command-line SQL query tool
Many bugfixes

CHANGES in 1.3.0
Added support for manually specifying the remote OS when running (O)racle (S)ystem (E)xec.

CHANGES in 1.3.1
Extracted internal list of default accounts to accounts.default file.

Version 1.3.1 source
Version 1.3.1 binary

Oracle Auditing Tools (OAT) were developed by Patrik Karlsson.