In addition to oracle/oracle at the OS level, sys / change_on_install is
the default at the DB level. That one's usually changed but the other
(system / manager) is sometimes forgotten.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
On Mon, 2 Jul 2001, Andrew van der Stock wrote:
> The Oracle 8 listener is always in the news. I'd suggest there. See Covert
> Lab's posts from June 26.
>
> But realistically, try oracle / oracle at the login prompt. You will be
> surprised how often that works.
>
> Never forget the OS the thing runs on, look at seeing if you can sniff the
> network - dba tools are notorious for leaking credentials left right and
> center.
>
> See if you can find installation doco for any clients, or do some social
> engineering to get a client installed on a pre-rigged workstation. That will
> help you try a few different escalation attacks.
>
> Andrew
>
> -----Original Message-----
> From: INA (V. Brahmanandam) [mailto:BrahmanandamV_at_emiratesbank.com]
> Sent: Monday, 2 July 2001 15:17
> To: 'PEN-TEST_at_SECURITYFOCUS.COM'
> Subject: Oracle8i
>
>
> Hi all,
>
> Has anyone in this group had a chance to pen-test Oracle 8i running on a Net
> 8 network?
>
>
> --------------------------------------------------------------------------------------
>
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
> For more information on SecurityFocus' SIA service which automatically alerts you to
> the latest security vulnerabilities please see:
>
> https://alerts.securityfocus.com/
>
>
Received on Jul 03 2001