|
Penetration Testing
mailing list archives
RE: Oracle8i
From: Jonathan Rickman <jonathan () xcorps net>
Date: Mon, 2 Jul 2001 13:07:22 -0400 (EDT)
In addition to oracle/oracle at the OS level. sys / change_on_install is
the default at the DB level. That one's usually changed but the other
(system / manager) is sometimes forgotten.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
On Mon, 2 Jul 2001, Andrew van der Stock wrote:
The Oracle 8 listener is always in the news. I'd suggest there. See Covert
Lab's posts from June 26.
But realistically, try oracle / oracle at the login prompt. You will be
surprised how often that works.
Never forget the OS the thing runs on, look at seeing if you can sniff the
network - dba tools are notorious for leaking credentials left right and
center.
See if you can find installation doco for any clients, or do some social
engineering to get a client installed on a pre-rigged workstation. That will
help you try a few different escalation attacks.
Andrew
-----Original Message-----
From: INA (V. Brahmanandam) [mailto:BrahmanandamV () emiratesbank com]
Sent: Monday, 2 July 2001 15:17
To: 'PEN-TEST () SECURITYFOCUS COM'
Subject: Oracle8i
Hi all,
Has any one in this group had a chance to pen-test Oracle 8i running on Net
8 network.
--------------------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to
the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
--------------------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to
the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
| 
Intro
