Hi All I have been looking into the default accounts that can be created during a standard installation of Oracle8i 8.1.5 for linux and for windows NT. There are a number of accounts created by default and a lot more that can be created by running various installtion / example scripts in the oracle installation directories. I have created a simple page of HTML pasted below with a table of linux, and winNT users/passwords, key privileges and identified the users created as standard. cheers Pete Finnigan PenTest Limited Manchester UK. Here is the HTML ==CUT====================================================================== <HTML> <BODY> <DIV ALIGN=LEFT> <H3>Investigation of Default Oracle Accounts</H3></DIV> <P> I have investigated standard installations of the Oracle 8i <I>RDBMS</I> on both Linux and Windows NT for version <I>8.1.5</I> and have found the following possible default accounts and password's that could be installed. I have installed the standard <I>RDBMS</I> and development tools. This gives us 9 default accounts under Linux and 12 under Windows NT. <P> The Windows NT installation is more dangerous as it provides a <I>DBA</I> account with the user CTXSYS and also the user MDSYS has "ALL PRIVILEGES WITH ADMIN" granted. Having "ALL PRIVILEGES" is as good as having <I>dba</I> privileges. None of the Linux default users is as dangerous as this, except of course SYS and SYSTEM if the passwords have been left set to the defaults. <P> There are 52 default users for Linux and 57 for Windows NT. You are never going to see all of these users in one database unless someone is experimenting but its going to be possible to see some of them. I found out these users by searching all of the SQL files provided by Oracle in the standard installation. <P> Remember it's the data in the actual database that should be protected, and most often it's not. Its not necessary to get SYS, SYSTEM or even a DBA to get at user data in an Oracle database. A user such as DBSNMP or OUTLN can access a list of users in the database. The actual user information is stored in a database table called <TT>USER$</TT> owned by the user SYS. Unless you are very lucky and someone has inadvertently granted access to this table you will not be able to see it unless you are logged on as SYS. There is also a view <TT>DBA_USERS</TT> that accesses this SYS table. Access is granted to select from this view to users who are DBA, or who have been granted permission to select any view. All is not lost though as any user who has the minimum permissions such as DBSNMP can access another view called <TT>ALL_USERS</TT>. This view doesn't let you see the password hash, but does let you get a list of all of the database users. If you can get a users password and quite often they are set to USER_NAME/USER_NAME then you can probably access the production schema and certainly do SQL Injection on the application. Using one of the innocent users such as DBSNMP or OUTLN you can glean a lot of information about a database, and who uses it. <P> Also for both Linux and Windows NT installations the <TT>internal</TT> users default password is set to <TT>oracle</TT>. This user name is used to connect effectivley as SYS without having the SYS password. <P> Here is a table listing all of the default users and passwords i could find for both Operating Systems. The usernames / passwords colored in Orange are the ones installed from a standard installation. <BR> <BR> <CENTER> <TABLE BORDER=1 CELLPADDING=0 CELLSPACING=0> <TR STYLE='background:silver'><TD width=220>WINDOWS NT</TD><TD width=220>LINUX</TD><TD width=220>PRIVILEGES</TD></TR> <TR><TD width=220>ADAMS/WOOD</TD><TD width=220 BGCOLOR=ORANGE>ADAMS/WOOD</TD><TD width=220>.</TD></TR> <TR><TD width=220>AQDEMO/AQDEMO</TD><TD width=220>AQDEMO/AQDEMO</TD><TD width=220>.</TD></TR> <TR><TD width=220>AQUSER/AQUSER</TD><TD width=220>AQUSER/AQUSER</TD><TD width=220>.</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>AURORA$ORB$UNAUTHENTICATED/INVALID</TD><TD width=220>AURORA$ORB$UNAUTHENTICATED/INVALID</TD><TD width=220>.</TD></TR> <TR><TD width=220>BLAKE/PAPER</TD><TD width=220 BGCOLOR=ORANGE>BLAKE/PAPER</TD><TD width=220>.</TD></TR> <TR><TD width=220>CATALOG/CATALOG</TD><TD width=220>.</TD><TD width=220>.</TD></TR> <TR><TD width=220>CDEMO82/CDEMO82</TD><TD width=220>CDEMO82/CDEMO82</TD><TD width=220>.</TD></TR> <TR><TD width=220>CDEMOCOR/CDEMOCOR</TD><TD width=220>CDEMOCOR/CDEMOCOR</TD><TD width=220>.</TD></TR> <TR><TD width=220>CDEMOUCB/CDEMOUCB</TD><TD width=220>.</TD><TD width=220>.</TD></TR> <TR><TD width=220>.</TD><TD width=220>CDEMORID/CDEMORID</TD><TD width=220>.</TD></TR> <TR><TD width=220>CLARK/CLOTH</TD><TD width=220 BGCOLOR=ORANGE>CLARK/CLOTH</TD><TD width=220>.</TD></TR> <TR><TD width=220>COMPANY/COMPANY</TD><TD width=220>COMPANY/COMPANY</TD><TD width=220>All Privileges</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>CTXSYS/CTXSYS</TD><TD width=220>CTXSYS/<PASSED IN></TD><TD width=220>DBA</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>DBSNMP/DBSNMP</TD><TD width=220 BGCOLOR=ORANGE>DBSNMP/DBSNMP</TD><TD width=220>.</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>DEMO/DEMO</TD><TD width=220>.</TD><TD width=220>.</TD></TR> <TR><TD width=220>DEMO8/DEMO8</TD><TD width=220>DEMO8/DEMO8</TD><TD width=220>.</TD></TR> <TR><TD width=220>EMP/EMP</TD><TD width=220>.</TD><TD width=220>.</TD></TR> <TR><TD width=220>EVENT/EVENT</TD><TD width=220>EVENT/EVENT</TD><TD width=220>DBA</TD></TR> <TR><TD width=220>FINANCE/FINANCE</TD><TD width=220>FINANCE/FINANCE</TD><TD width=220>All Privileges</TD></TR> <TR><TD width=220>FND/FND</TD><TD width=220>FND/FND</TD><TD width=220>.</TD></TR> <TR><TD width=220>GPFD/GPFD</TD><TD width=220>GPFD/GPFD</TD><TD width=220>.</TD></TR> <TR><TD width=220>GPLD/GPLD</TD><TD width=220>GPLD/GPLD</TD><TD width=220>.</TD></TR> <TR><TD width=220>JONES/STEEL</TD><TD width=220 BGCOLOR=ORANGE>JONES/STEEL</TD><TD width=220>.</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>MDSYS/MDSYS</TD><TD width=220>MDSYS/MDSYS</TD><TD width=220>All Privileges with Admin</TD></TR> <TR><TD width=220>MFG/MFG</TD><TD width=220>MFG/MFG</TD><TD width=220>All Privileges</TD></TR> <TR><TD width=220>MILLER/MILLER</TD><TD width=220>MILLER/MILLER</TD><TD width=220. </TD></TR> <TR><TD width=220>MMO2/MMO2</TD><TD width=220>MMO2/MMO2</TD><TD width=220>.</TD></TR> <TR><TD width=220>.</TD><TD width=220>MODTEST/YES</TD><TD width=220>DBA</TD></TR> <TR><TD width=220>MOREAU/MOREAU</TD><TD width=220>MOREAU/MOREAU</TD><TD width=220>.</TD></TR> <TR><TD width=220>.</TD><TD width=220>NAMES/NAMES</TD><TD width=220>.</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>MTSSYS/MTSSYS</TD><TD width=220>.</TD><TD width=220>.</TD></TR> <TR><TD width=220>OCITEST/OCITEST</TD><TD width=220>OCITEST/OCITEST</TD><TD width=220>.</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>ORDPLUGINS/ORDPLUGINS</TD><TD width=220>ORDPLUGINS/ORDPLUGINS</TD><TD width=220>.</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>ORDSYS/ORDSYS</TD><TD width=220>ORDSYS/ORDSYS</TD><TD width=220>.</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>OUTLN/OUTLN</TD><TD width=220 BGCOLOR=ORANGE>OUTLN/OUTLN</TD><TD width=220>.</TD></TR> <TR><TD width=220>PO/PO</TD><TD width=220>PO/PO</TD><TD width=220>DBA</TD></TR> <TR><TD width=220>POWERCARTUSER/POWERCARTUSER</TD><TD width=220>POWERCARTUSER/POWERCARTUSER</TD><TD width=220>.</TD></TR> <TR><TD width=220>PRIMARY/PRIMARY</TD><TD width=220>PRIMARY/PRIMARY</TD><TD width=220>.</TD></TR> <TR><TD width=220>PUBSUB/PUBSUB</TD><TD width=220>PUBSUB/PUBSUB</TD><TD width=220>DBA</TD></TR> <TR><TD width=220>RE/RE</TD><TD width=220>.</TD><TD width=220>.</TD></TR> <TR><TD width=220>RMAIL/RMAIL</TD><TD width=220>.</TD><TD width=220>.</TD></TR> <TR><TD width=220>SAMPLE/SAMPLE</TD><TD width=220>.</TD><TD width=220>DBA</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>SCOTT/TIGER</TD><TD width=220 BGCOLOR=ORANGE>SCOTT/TIGER</TD><TD width=220>.</TD></TR> <TR><TD width=220>SECDEMO/SECDEMO</TD><TD width=220>SECDEMO/SECDEMO</TD><TD width=220>.</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>SYS/CHANGE_ON_INSTALL</TD><TD width=220 BGCOLOR=ORANGE>SYS/CHANGE_ON_INSTALL</TD><TD width=220>SUPERUSER DBA</TD></TR> <TR><TD width=220 BGCOLOR=ORANGE>SYSTEM/MANAGER</TD><TD width=220 BGCOLOR=ORANGE>SYSTEM/MANAGER</TD><TD width=220>DBA</TD></TR> <TR><TD width=220>TRACESVR/TRACE</TD><TD width=220>.</TD><TD width=220>.</TD></TR> <TR><TD width=220>TSDEV/TSDEV</TD><TD width=220>TSDEV/TSDEV</TD><TD width=220>.</TD></TR> <TR><TD width=220>TSUSER/TSUSER</TD><TD width=220>TSUSER/TSUSER</TD><TD width=220>.</TD></TR> <TR><TD width=220>USER0/USER0</TD><TD width=220>USER0/USER0</TD><TD width=220>.</TD></TR> <TR><TD width=220>USER1/USER1</TD><TD width=220>USER1/USER1</TD><TD width=220>.</TD></TR> <TR><TD width=220>USER2/USER2</TD><TD width=220>USER2/USER2</TD><TD width=220>.</TD></TR> <TR><TD width=220>USER3/USER3</TD><TD width=220>USER3/USER3</TD><TD width=220>.</TD></TR> <TR><TD width=220>USER4/USER4</TD><TD width=220>USER4/USER4</TD><TD width=220>.</TD></TR> <TR><TD width=220>USER5/USER5</TD><TD width=220>USER5/USER5</TD><TD width=220>.</TD></TR> <TR><TD width=220>USER6/USER6</TD><TD width=220>USER6/USER6</TD><TD width=220>.</TD></TR> <TR><TD width=220>USER7/USER7</TD><TD width=220>USER7/USER7</TD><TD width=220>.</TD></TR> <TR><TD width=220>USER8/USER8</TD><TD width=220>USER8/USER8</TD><TD width=220>.</TD></TR> <TR><TD width=220>USER9/USER9</TD><TD width=220>USER9/USER9</TD><TD width=220>.</TD></TR> <TR><TD width=220>VRR1/VRR1</TD><TD width=220>VRR1/VRR1</TD><TD width=220>DBA</TD></TR> </TABLE> </CENTER> </BODY> </HTML> =CUT======================================================================= __________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 06:54:50 PDT