The Oracle 8 listener is always in the news. I'd suggest there. See Covert Lab's posts from June 26. But realistically, try oracle / oracle at the login prompt. You will be surprised how often that works. Never forget the OS the thing runs on, look at seeing if you can sniff the network - dba tools are notorious for leaking credentials left right and center. See if you can find installation doco for any clients, or do some social engineering to get a client installed on a pre-rigged workstation. That will help you try a few different escalation attacks. Andrew -----Original Message----- From: INA (V. Brahmanandam) [mailto:BrahmanandamVat_private] Sent: Monday, 2 July 2001 15:17 To: 'PEN-TESTat_private' Subject: Oracle8i Hi all, Has any one in this group had a chance to pen-test Oracle 8i running on Net 8 network. -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 09:31:05 PDT