Enterprise Security

Oracle Database Attacking Tool (ODAT): Have a more secure Oracle Database with this tool

 

Oracle Database Attacking Tool's (ODAT) main features.

Okay.  So you have already set up your Oracle Database.  Are you confident that it is appropriately secure from vulnerabilities and hacking attacks?

Now, with Oracle Database Attacking Tool or ODAT, you can secure your database remotely.

Some of the things that you could do with the Oracle Database Attacking Tool include:

  • Discover a valid security identifier on a remote database by using brute force attack, a dictionary attack or using ALIAS of the listener.
  • Look for Oracle accounts using a dictionary attack.
  • Run system commands using Java, external tables, oradbg or DBMS_SCHEDULER.
  • Transmit or receive HTTP requests from the Oracle Database server using UTL_HTTP or HttpUriType.
  • Get files that are stored on the Oracle Database server via UTL_FILE, CTXSYS or external tables.
  • Update or modify files in the database’s server by using DBMS_ADVISOR, DBMS_XSLPROCESSOR or UTL_FILE.
  • Delete files in the database server by using UTL_FILE.
  • Scan ports connected to the server (both remote and local servers) using UTL_TCP, UTL_HTTP or HttpUriType.
  • Attack the CVE-2012-313 vulnerability, which is present in various versions of the Oracle Database Server.  CVE-2012-313 is an authentication protocol and it has a security flaw that allows hackers to get the session key and salt.  The hackers can change the system files or data. The vulnerability does not give the attacker control over which files may be modified.  The scope of the attack is also very limited.  It is, however, very easy to exploit this vulnerability and no authentication is required to do so.  Moreover, such an attack can leak a lot of things about the cryptographic hash.  This makes it very easy to do a brute force attack to get passwords. You can read more details about this here.

[expand title=”Click here to read more about this article”]

The tool is still in its development stage but there is already a version that you can use.  You would need to have the following installed on your computer as well:

  • Python 2.7
  • Instant Oracle basic
  • Instant Oracle software development kit
  • The Python library cx_Oracle
  • Several Python libraries are also recommended, including colorlog, termcolor, argcomplete and pyinstaller.

You can download the Oracle Database Attacking Tool 32 Bit at //github.com/quentinhardy/odat/raw/master/build/linux/odat-linux-libc2.19-i686.tar.gz or the 64 Bit version at //github.com/quentinhardy/odat/blob/master/build/linux/odat-linux-libc2.19-x86_64.tar.gz.  This is an open source tool.

It makes good practice to try to weed out vulnerabilities in your Oracle Database using this tool.  This way, you can be sure that you have adequately secured your database and database server from these possible attacks.  Imagine if a hacker has access to this tool and you happen to have a vulnerability that it can exploit, that is a massive amount of headache and stress that you could have easily avoided!

If you want to know more about the Oracle Database Attacking Tool, call Four Cornerstone at 1 (817) 377-1144 or fill out our contact form at //fourcornerstone.com/contact-us.  We can help you understand what ODAT is all about and how to best use it to help you secure your Oracle databases.  Our team of Oracle certified database experts would also be able to help you protect your databases!

Photo courtesy of quentinhardy from GitHub.

Cloud Blog

4 Ways To Benefit from…

One of the benefits you get when you work with cloud applications is that you often have quarterly updates that are packed with features. This...

Keep Reading

Artificial Intelligence

Data and Analytics: Cross the…

  Artificial intelligence is a manna sent from digital heaven. That’s how blessed your business can get if you immerse into the AI of things....

Keep Reading

Business Intelligence Blog

How Brand Names Survive in…

  The age of digital marketplace has made it possible for unknown and smaller companies to compete with better-known and well-established brands. Take for example...

Keep Reading

Artificial Intelligence

The Phenomenon That Is Artificial…

  Artificial intelligence is when a machine does cognitive functions that are more associated with humans, such as thinking, learning, problem solving, and reasoning. As...

Keep Reading

Cloud

Digital Transformation in Banking: Shift…

  The start of a new decade is already shaping up to be exciting for financial services, especially for banks as they continue to compete...

Keep Reading

Business Intelligence Blog

Data Science and Its Economic…

It would seem that artificial intelligence is the focus of businesses that are looking to future proof their organizations and stay competitive. And why not?...

Keep Reading

Data Blog

Ensure Efficient Data Science and…

In an ever-expanding landscape called Internet of Things and the exploding development of artificial intelligence, we are bombarded with complex methods of integrating data science...

Keep Reading

Business Intelligence Blog

Cybersecurity: The Top 5 Expectations…

  If you think about it, cybersecurity is closely tied to human rights, privacy, freedom, and even basic safety. As a whole, we have become...

Keep Reading

Business Intelligence Blog

Tech Security Should Be Easy…

  IT professionals know that tech security is important in everything that they do. And that there are a lot of products, tools, innovations, and...

Keep Reading

Business Intelligence Blog

The Top 6 Success Stories…

Nearly nine out of 10 digital transformation initiatives fail. Digital transformation projects fail for a variety of reasons. It can be because of a lack...

Keep Reading

Live Chat | Emergency