Tag Archives: metasploit

My new role as “product responsible”

For nearly 6 months now I do something different than just technical work. I am currently – what they call at Rabobank – “Product Verantwoordelijke”. In English it sounds a bit weird: “product responsible”, or “responsible for the product”. And … Continue reading

Posted in I'm not a manager | Tagged , , , , , , , , | Leave a comment

Exploiting an Oracle database with Metasploit (Part 2)

Continuing from Exploiting an Oracle database with Metasploit (Part 1). Here’s the next set of Metasploit exploits and scanners I’ve tried and tested. auxiliary/scanner/oracle/tnspoison_checker This one just checks if your database is vulnerable to TNS poisoning: msf auxiliary(tnspoison_checker) > info … Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , | Leave a comment

Exploiting an Oracle database with Metasploit (Part 1)

Now that I have a Metasploit and Oracle demo environment, it is time to see what I can use to exploit an Oracle 11g Release 2 database. I have to tell you, most of the exploits are actually rather old. … Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , , | 1 Comment

Five steps to have your own Metasploit and Oracle demo environment

Bingo! I’ve done it! I’ve got Metaspoit working against an Oracle database. And in this blogpost I’ll explain how you can do it too.   Step 0. Your soon to be powned Oracle database Let’s assume you already have a … Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , , , , | Leave a comment

Installing and Learning Metasploit

I’ve blogged about Metasploit before. Metasploit is a framework for exploits and comes with tools like port scanners, password crackers and more. These days you can learn a lot of skills on Youtube, and tutorials about Metasploit are among them. … Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , , , , , | Leave a comment

Struggling to install Metasploit with Oracle drivers

Next tuesday I’ll be doing an Oracle database hacking course for teammembers at my work. (Because, the best way to gain security awareness, is to learn to hack). We’ll be doing SQL injection, port scanning with Nmap, network sniffing with … Continue reading

Posted in Oracle security, Uncategorized | Tagged , , , , , , , | 2 Comments

On getting rid of (unpatched) Oracle 9i and lower versions

During the Planboard symposium I did some live demos of Nmap and Metasploit. Some called it brave, others called it foolish. In the end some demos that I had prepared and succesfully tested only the night before took a nose … Continue reading

Posted in Oracle security | Tagged , , , , , , , , | Leave a comment