Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Oracle 8i

From: pfinn999 () netscape net
Date: Mon, 23 Jul 2001 05:05:21 -0400
Hi All

I have been looking into the default accounts that can be created during a standard installation of Oracle8i 8.1.5 for 
linux and for windows NT. There are a number of accounts created by default and a lot more that can be created by 
running various installtion / example scripts in the oracle installation directories. I have created a simple page of 
HTML pasted below with a table of linux, and winNT users/passwords, key privileges and identified the users created as 
standard.

cheers

Pete Finnigan
PenTest Limited
Manchester UK.


Here is the HTML

==CUT======================================================================
<HTML>
<BODY>
<DIV ALIGN=LEFT>
<H3>Investigation of Default Oracle Accounts</H3></DIV>
<P>
    I have investigated standard installations of the Oracle 8i <I>RDBMS</I> on both
    Linux and Windows NT for version <I>8.1.5</I> and have found the following possible
    default accounts and password's that could be installed. I have installed the 
    standard <I>RDBMS</I> and development tools. This gives us 9 default accounts under 
    Linux and 12 under Windows NT. 
<P>
    The Windows NT installation is more dangerous as it provides a <I>DBA</I> account
    with the user CTXSYS and also the user MDSYS has "ALL PRIVILEGES WITH ADMIN" granted.
    Having "ALL PRIVILEGES" is as good as having <I>dba</I> privileges. None of the Linux
    default users is as dangerous as this, except of course SYS and SYSTEM if the passwords
    have been left set to the defaults.
<P>
    There are 52 default users for Linux and 57 for Windows NT. You are never going to 
    see all of these users in one database unless someone is experimenting but its 
    going to be possible to see some of them. I found out these users by searching all 
    of the SQL files provided by Oracle in the standard installation.
<P>
    Remember it's the data in the actual database that should be protected, and most
    often it's not. Its not necessary to get SYS, SYSTEM or even a DBA to get at user
    data in an Oracle database. A user such as DBSNMP or OUTLN can access a list of
    users in the database. The actual user information is stored in a database table
    called <TT>USER$</TT> owned by the user SYS. Unless you are very lucky and someone
    has inadvertently granted access to this table you will not be able to see it unless
    you are logged on as SYS. There is also a view <TT>DBA_USERS</TT> that accesses this
    SYS table. Access is granted to select from this view to users who are DBA, or who 
    have been granted permission to select any view. All is not lost though as any user
    who has the minimum permissions such as DBSNMP can access another view called <TT>ALL_USERS</TT>. 
    This view doesn't let you see the password hash, but does let you get a list of all
    of the database users. If you can get a users password and quite often they are
    set to USER_NAME/USER_NAME then you can probably access the production schema and 
    certainly do SQL Injection on the application. Using one of the innocent users such
    as DBSNMP or OUTLN you can glean a lot of information about a database, and who uses it.
<P>
    Also for both Linux and Windows NT installations the <TT>internal</TT> users default
    password is set to <TT>oracle</TT>. This user name is used to connect effectivley as
    SYS without having the SYS password.
<P>
    Here is a table listing all of the default users and passwords i could find for both
    Operating Systems. The usernames / passwords colored in Orange are the ones installed
    from a standard installation.
<BR>
<BR>
<CENTER>
<TABLE BORDER=1 CELLPADDING=0 CELLSPACING=0>
<TR STYLE='background:silver'><TD width=220>WINDOWS NT</TD><TD width=220>LINUX</TD><TD width=220>PRIVILEGES</TD></TR>
<TR><TD width=220>ADAMS/WOOD</TD><TD width=220 BGCOLOR=ORANGE>ADAMS/WOOD</TD><TD width=220>.</TD></TR>
<TR><TD width=220>AQDEMO/AQDEMO</TD><TD width=220>AQDEMO/AQDEMO</TD><TD width=220>.</TD></TR>
<TR><TD width=220>AQUSER/AQUSER</TD><TD width=220>AQUSER/AQUSER</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>AURORA$ORB$UNAUTHENTICATED/INVALID</TD><TD 
width=220>AURORA$ORB$UNAUTHENTICATED/INVALID</TD><TD width=220>.</TD></TR>
<TR><TD width=220>BLAKE/PAPER</TD><TD width=220 BGCOLOR=ORANGE>BLAKE/PAPER</TD><TD width=220>.</TD></TR>
<TR><TD width=220>CATALOG/CATALOG</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>CDEMO82/CDEMO82</TD><TD width=220>CDEMO82/CDEMO82</TD><TD width=220>.</TD></TR>
<TR><TD width=220>CDEMOCOR/CDEMOCOR</TD><TD width=220>CDEMOCOR/CDEMOCOR</TD><TD width=220>.</TD></TR>
<TR><TD width=220>CDEMOUCB/CDEMOUCB</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>.</TD><TD width=220>CDEMORID/CDEMORID</TD><TD width=220>.</TD></TR>
<TR><TD width=220>CLARK/CLOTH</TD><TD width=220 BGCOLOR=ORANGE>CLARK/CLOTH</TD><TD width=220>.</TD></TR>
<TR><TD width=220>COMPANY/COMPANY</TD><TD width=220>COMPANY/COMPANY</TD><TD width=220>All Privileges</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>CTXSYS/CTXSYS</TD><TD width=220>CTXSYS/<PASSED IN></TD><TD width=220>DBA</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>DBSNMP/DBSNMP</TD><TD width=220 BGCOLOR=ORANGE>DBSNMP/DBSNMP</TD><TD 
width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>DEMO/DEMO</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>DEMO8/DEMO8</TD><TD width=220>DEMO8/DEMO8</TD><TD width=220>.</TD></TR>
<TR><TD width=220>EMP/EMP</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>EVENT/EVENT</TD><TD width=220>EVENT/EVENT</TD><TD width=220>DBA</TD></TR>
<TR><TD width=220>FINANCE/FINANCE</TD><TD width=220>FINANCE/FINANCE</TD><TD width=220>All Privileges</TD></TR>
<TR><TD width=220>FND/FND</TD><TD width=220>FND/FND</TD><TD width=220>.</TD></TR>
<TR><TD width=220>GPFD/GPFD</TD><TD width=220>GPFD/GPFD</TD><TD width=220>.</TD></TR>
<TR><TD width=220>GPLD/GPLD</TD><TD width=220>GPLD/GPLD</TD><TD width=220>.</TD></TR>
<TR><TD width=220>JONES/STEEL</TD><TD width=220 BGCOLOR=ORANGE>JONES/STEEL</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>MDSYS/MDSYS</TD><TD width=220>MDSYS/MDSYS</TD><TD width=220>All Privileges with 
Admin</TD></TR>
<TR><TD width=220>MFG/MFG</TD><TD width=220>MFG/MFG</TD><TD width=220>All Privileges</TD></TR>
<TR><TD width=220>MILLER/MILLER</TD><TD width=220>MILLER/MILLER</TD><TD width=220. </TD></TR>
<TR><TD width=220>MMO2/MMO2</TD><TD width=220>MMO2/MMO2</TD><TD width=220>.</TD></TR>
<TR><TD width=220>.</TD><TD width=220>MODTEST/YES</TD><TD width=220>DBA</TD></TR>
<TR><TD width=220>MOREAU/MOREAU</TD><TD width=220>MOREAU/MOREAU</TD><TD width=220>.</TD></TR>
<TR><TD width=220>.</TD><TD width=220>NAMES/NAMES</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>MTSSYS/MTSSYS</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>OCITEST/OCITEST</TD><TD width=220>OCITEST/OCITEST</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>ORDPLUGINS/ORDPLUGINS</TD><TD width=220>ORDPLUGINS/ORDPLUGINS</TD><TD 
width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>ORDSYS/ORDSYS</TD><TD width=220>ORDSYS/ORDSYS</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>OUTLN/OUTLN</TD><TD width=220 BGCOLOR=ORANGE>OUTLN/OUTLN</TD><TD width=220>.</TD></TR>
<TR><TD width=220>PO/PO</TD><TD width=220>PO/PO</TD><TD width=220>DBA</TD></TR>
<TR><TD width=220>POWERCARTUSER/POWERCARTUSER</TD><TD width=220>POWERCARTUSER/POWERCARTUSER</TD><TD 
width=220>.</TD></TR>
<TR><TD width=220>PRIMARY/PRIMARY</TD><TD width=220>PRIMARY/PRIMARY</TD><TD width=220>.</TD></TR>
<TR><TD width=220>PUBSUB/PUBSUB</TD><TD width=220>PUBSUB/PUBSUB</TD><TD width=220>DBA</TD></TR>
<TR><TD width=220>RE/RE</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>RMAIL/RMAIL</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>SAMPLE/SAMPLE</TD><TD width=220>.</TD><TD width=220>DBA</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>SCOTT/TIGER</TD><TD width=220 BGCOLOR=ORANGE>SCOTT/TIGER</TD><TD width=220>.</TD></TR>
<TR><TD width=220>SECDEMO/SECDEMO</TD><TD width=220>SECDEMO/SECDEMO</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>SYS/CHANGE_ON_INSTALL</TD><TD width=220 BGCOLOR=ORANGE>SYS/CHANGE_ON_INSTALL</TD><TD 
width=220>SUPERUSER  DBA</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>SYSTEM/MANAGER</TD><TD width=220 BGCOLOR=ORANGE>SYSTEM/MANAGER</TD><TD 
width=220>DBA</TD></TR>
<TR><TD width=220>TRACESVR/TRACE</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>TSDEV/TSDEV</TD><TD width=220>TSDEV/TSDEV</TD><TD width=220>.</TD></TR>
<TR><TD width=220>TSUSER/TSUSER</TD><TD width=220>TSUSER/TSUSER</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER0/USER0</TD><TD width=220>USER0/USER0</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER1/USER1</TD><TD width=220>USER1/USER1</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER2/USER2</TD><TD width=220>USER2/USER2</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER3/USER3</TD><TD width=220>USER3/USER3</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER4/USER4</TD><TD width=220>USER4/USER4</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER5/USER5</TD><TD width=220>USER5/USER5</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER6/USER6</TD><TD width=220>USER6/USER6</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER7/USER7</TD><TD width=220>USER7/USER7</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER8/USER8</TD><TD width=220>USER8/USER8</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER9/USER9</TD><TD width=220>USER9/USER9</TD><TD width=220>.</TD></TR>
<TR><TD width=220>VRR1/VRR1</TD><TD width=220>VRR1/VRR1</TD><TD width=220>DBA</TD></TR>
</TABLE>
</CENTER>
</BODY>
</HTML>
=CUT=======================================================================


__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with 
Shop@Netscape! http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: