Oracle Auditing Tools (OAT) is a toolkit that can be used to audit security within Oracle database servers.
OAT uses CREATE LIBRARY to access the WinExec function in kernel32.dll on Windows, or the system call in libc on Unix. Having access to this function makes it possible to execute anything on the server with the same security context as the user who started the Oracle service. So basically, any account with a default or easily guessable password that has this privilege can do this.
OAT has a built-in TFTP server to make file transfers easy. The tools are Java-based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.
We don't write about many Oracle tools, as they tend to be a bit Enterprise, but we did cover ODAT and, way before that, OAPScan.
- ODAT (Oracle Database Attacking Tool) – test Oracle database security
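To check a database for the exposure described above, the following added example (not part of OAT or the original post) lists every account that holds CREATE LIBRARY or CREATE ANY LIBRARY, directly or through nested roles, and then lists existing library objects that point at kernel32.dll or libc. It assumes a session that can read the DBA_* dictionary views; the SYS/SYSTEM exclusion is an assumption to adjust for your own baseline.

```sql
-- Added example: audit who can use CREATE LIBRARY, the privilege OAT relies on.
-- Assumes read access to DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_USERS, DBA_LIBRARIES.

-- 1) Accounts holding the privilege directly or via a (nested) role.
WITH lib_grantees AS (
    SELECT grantee, privilege
    FROM   dba_sys_privs
    WHERE  privilege IN ('CREATE LIBRARY', 'CREATE ANY LIBRARY')
),
role_chain AS (
    -- Walk role grants from each privileged role down to whoever holds it.
    SELECT rp.grantee,
           CONNECT_BY_ROOT rp.granted_role AS root_role
    FROM   dba_role_privs rp
    START WITH rp.granted_role IN (SELECT grantee FROM lib_grantees)
    CONNECT BY NOCYCLE PRIOR rp.grantee = rp.granted_role
)
SELECT u.username, u.account_status, lg.privilege, 'DIRECT' AS granted_via
FROM   dba_users u
JOIN   lib_grantees lg ON lg.grantee = u.username
UNION
SELECT u.username, u.account_status, lg.privilege, rc.root_role
FROM   dba_users u
JOIN   role_chain   rc ON rc.grantee = u.username
JOIN   lib_grantees lg ON lg.grantee = rc.root_role
ORDER  BY 1, 3;

-- 2) Existing library objects, flagging those mapped to the OS libraries
--    named above (kernel32.dll on Windows, libc on Unix).
SELECT owner,
       library_name,
       file_spec,
       status,
       CASE
           WHEN LOWER(file_spec) LIKE '%kernel32%'
             OR LOWER(file_spec) LIKE '%libc%'
           THEN 'REVIEW'
           ELSE 'OK'
       END AS finding
FROM   dba_libraries
WHERE  owner NOT IN ('SYS', 'SYSTEM')   -- assumption: tune to your baseline
ORDER  BY finding DESC, owner, library_name;
```

Any OPEN account in the first result that still has a default or weak password is the combination the description warns about; revoke the privilege where it is not needed.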
OAT contains:
- OraclePWGuess – A dictionary attack tool that can be used with a user-supplied dictionary or with the built-in support for finding default accounts.
- OracleQuery – A minimalistic command-line-based SQL query tool.
- OracleSamDump – Connects to the Oracle server and executes a TFTP get to fetch the pwdump2 binary. The server is then pwdump2ed and the result is returned to the SAM folder of the TFTP server.