In addition to oracle/oracle at the OS level, sys / change_on_install is the
default at the DB level. That one's usually changed but the other
(system / manager) is sometimes forgotten.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net

On Mon, 2 Jul 2001, Andrew van der Stock wrote:

> The Oracle 8 listener is always in the news. I'd suggest there. See Covert
> Lab's posts from June 26.
>
> But realistically, try oracle / oracle at the login prompt. You will be
> surprised how often that works.
>
> Never forget the OS the thing runs on, look at seeing if you can sniff the
> network - dba tools are notorious for leaking credentials left, right and
> center.
>
> See if you can find installation doco for any clients, or do some social
> engineering to get a client installed on a pre-rigged workstation. That will
> help you try a few different escalation attacks.
>
> Andrew
>
> -----Original Message-----
> From: INA (V. Brahmanandam) [mailto:BrahmanandamVat_private]
> Sent: Monday, 2 July 2001 15:17
> To: 'PEN-TESTat_private'
> Subject: Oracle8i
>
>
> Hi all,
>
> Has anyone in this group had a chance to pen-test Oracle 8i running on a Net
> 8 network?
>
>
> --------------------------------------------------------------------------------------
>
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
> For more information on SecurityFocus' SIA service which automatically alerts you to
> the latest security vulnerabilities please see:
>
> https://alerts.securityfocus.com/
>
This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 07:07:15 PDT