Time
3 minutes
Difficulty
Intermediate

Video Transcription

00:05
hello and welcome to another episode of breaking stuff with Robert today. We're going to be going over. Oh, scanner now. Oh, Scanner is a Oracle database assessment tool that's made up of plugging based architectural or a plugin based architecture.
00:21
And the tool performs password tests and enumerates Oracle versions, account rolls and privileges, account hashes, password policies and database links.
00:30
And the tools Java based in the results are offered in a graphical Java tree and XML format.
00:36
Now, as far as the target audience for this video database administrators looking to perform local database test dame security consultants that want to do a database assessment or penetration testers that are looking to quickly test an Oracle database for potential attack vectors
00:52
now prerequisites, while not required fundamental knowledge of Oracle databases and how they function and what Ports li listen on and a fundamental knowledge of Kelly Lennox command line utilization.
01:03
So, with those things in mind, we're just gonna jump into a quick, high level overviews until syntax and use case
01:11
welcome everybody to the handy dandy demo environment. So as we were saying, we're going to be looking at oh scanner, which is an oracle database assessment tool. It performs password test enumeration of like oracle version, account rolls, privileges, hashes account hashes, password policies, et cetera.
01:30
Now, in our particular environment, we don't have an Oracle database set up,
01:34
but we're going to look at the tool and some of the contextual information that it has here. So when when you come into the terminal and you type O scanner and hit enter, it does have a pretty simplistic set of commands that it needs here. So if I were to use, like my local system, so I went on to 168125
01:53
138
01:56
In this case, I don't have anything that's a local related running here. But I would put a port number for Oracle on 10. 40 something of that nature,
02:06
and then it would run against that. Now, the one thing I am missing here is I need to put the S in front of it. Says you can see server name,
02:15
and then the ports here, Andi, that would essentially run a scan against the Oracle database. And so, as you can see, I don't have, um, you know, host here. That's running Oracle that has that to scam,
02:32
but it would essentially attempt to run against that and look for privilege accounts, roll information, password policy data
02:40
account hash is very helpful. If you're a penetration tester trying to, you know, do some scans against an Oracle database or, if you're, you know, network administrator, security analyst, and you want to make sure that your Oracle databases and giving away the keys great way to do that is with this tool.
02:59
So with that in mind, let's go ahead and jump back into our slides.
03:04
Well, that was a very brief demo of the O scanner tool with respect to the tool syntax, how the tool could be used and some of the ways that that tool could be beneficial to the different roles that we had previously described. So with those things in mind, I want to thank you for your time today, and I look forward to seeing you again soon.

How to Use OScanner (BSWR)

This is an Oracle database assessment tool comprising of plugin-based architecture. The tool performs password tests and enumerates Oracle version, account roles & privileges, account hashes, password policies and database links.

Instructed By

Instructor Profile Image
Robert Smith
Director of Security Services at Corsica
Instructor