Tools:

bullet

Database Security

bullet

DBVisualiser

bullet

MatriXay

bullet

     MS SQL Server

bullet

           forceSQL

bullet

           piggy

bullet

           SQLat

bullet

           SQLdict

bullet

           SQLlhf

bullet

           SQLPing

bullet

           SQLPing2

bullet

           SQLPoke

bullet

           SQLRecon

bullet

           SQLVer

bullet

Oracle

bullet

           breakable

bullet

           check password

bullet

           Default Passwords

bullet

           DNS/HTTP enumeration

bullet

           LSNR Check

bullet

           OAK

bullet

           Oracle Auditing Tool

bullet

           Oracle Client

bullet

           Oracle Security Check

bullet

           OracSec

bullet

           Oscanner

bullet

           Orabf

bullet

           Oracle TNSLSNR

bullet

           scuba

bullet

           Service Register

bullet

           SIDGuess

bullet

           sidguesser

bullet

           sqlinjector

bullet

           SQL Plus

bullet

           TCP Scan

bullet

           TNSCmd

bullet

           TNSVer

bullet

           Winsid

bullet

SQL Injection    

bullet

     Sybase

bullet

           NGS Squirrel for Sybase

 

Pen Testing Framework:

bullet

Pen Test Framework  (html)

bullet

    Source  (FreeMind .mm format)

bullet

    PDF       (zip format)

bullet

Framework Poster available

bullet

Pre-site Template (html)

bullet

Pre-site Template (pdf)

bullet

Report Template (html)

bullet

Report Template (pdf)

bullet

Compliance Testing

 

Information:

bullet

IT Threats

bullet

RSS Feed


 
      

 

NGS Squirrel for Sybase

 

Sybase is a relational database management system, (RDMS) and although not one of the most popular databases out there in the wild, its market share is slowly increasing.  NGS Software offer a vulnerability assessment tool to enumerate Sybase instances and provide an easy to understand report grading any vulnerability found.  Currently NGS Squirrel for Sybase (ASE) provides a user with the ability to:

  • Fix vulnerabilities by generating lockdown scripts,

  • Generate Comprehensive Reporting,

  • Three-mode audit level (quick, normal and full),

  • Be regularly updated as and when new vulnerabilities are discovered.

Installation:

 

NGSSquirrel for Sybase ASE can be currently used on:

Microsoft Windows 2003,

Microsoft Windows 2000,

Microsoft Windows XP,

Microsoft Windows NT Version 4.0 (Service Pack 4+)

 

Minimum Pentium III or Athlon at 1GHz (Pentium 4 at 2Ghz or Athlon XP 2000+ recommended)

Minimum 256Mb Ram (512Mb+ recommended)

 

It is available from here.

 

In addition Sybase ODBC drivers require to be installed (available from Sybase).

 

Note: - At the time of writing the current product does not work with Sybase ASE15 development edition ODBC drivers and I utilised the ODBC drivers contained within the pcclient12.5 from Sybase.  An ODBC connection could be formed between the Windows XP SP2 test machine and the remote database using the ASE15 drivers but NGS Squirrel could not detect them.

 

The product itself provides very verbose output and although the GUI does look a little basic, it is functional and provides all the information you need when assessing Sybase servers.

 

Execution:

 

Select Scan from the top menu and add a host.

Select Scan from the top menu and add an instance (if not detected)

Select the Instance, right click and select scan settings

Add a valid username and password and to be on the safe side, press the test connection key to verify connectivity.

Alternatively select the I don't have a valid User ID and password and enter account names to be tried and either use the pre-supplied NGS dictionary or use your own.

Select the reporting tab from scan settings and decide on the level of test, quick, normal or full

Press the green arrow, the scan should begin.

Once finished you can save the scan for re-use and export the scan to a number of differing formats.

 

 

Abridged Squirrel output:

 

High Priorities


200.100.100.231

High Risk Non-default admin logins

Issue path: /200.100.100.231/master/Problems/Logins/Non-default admin logins
Severity: High
Details: Administrative login accounts were found that are not present by default. This may be desired behaviour, or it may indicate that the server has been compromised. Please manually confirm that these administrative accounts are really necessary.
Results:

name
probe

High Risk Allow Remote Access

Issue path: /200.100.100.231/master/Problems/System Settings/Allow Remote Access
Severity: High
Details: Currently other Sybase ASEs may connect to this server over RPC. Run sp_configure.
Results:

comment value
allow remote access 1

Medium Priorities


200.100.100.231

Medium Risk Select

Issue path: /200.100.100.231/master/Warnings/Databases/gash/Public Object Permissions/sysalternates/Select
Severity: Medium
Details: The 'public' role has permission to select from the gash.dbo.sysalternates
Results:

name username
sysalternates public

Medium Risk Select

Issue path: /200.100.100.231/master/Warnings/Databases/gash/Public Object Permissions/sysattributes/Select
Severity: Medium
Details: The 'public' role has permission to select from the gash.dbo.sysattributes
Results:

name username
sysattributes public

Medium Risk Execute

Issue path: /200.100.100.231/master/Warnings/Databases/master/Public Object Permissions/sp_configure/Execute
Severity: Medium
Details: The 'public' role has permission to execute master.dbo.sp_configure
Results:

name username
sp_configure public

 

  VulnerabilityAssessment.co.uk            Thursday May 17, 2007
hit counter
html hit counter