Penetration Testing mailing list archives
Re: [PEN-TEST] Informix
From: "Hoz, Martin" <mhoz () CITI COM MX>
Date: Thu, 28 Sep 2000 10:54:38 -0500
The first thing that comes to my mind is try to use "informix:informix" as username and password at the UNIX login prompt... Other issue: try to sniff the informix user password. ;-) (Only possible, of course, if the don't have any encryption technology in place). I don't know about any automated tool like DBScanner for Informix, but I was a Junior DBA a few years ago. And if you have access to the infomix account, you can modify configuration (~/etc/onconfig) you may be able to edit default dbspaces (dbaccess), shutdown databases (onstat ) and such kind of things... Very similar to the oracle account for ORACLE databases. This may not be the answer you're looking for, but I hope this helps in any way. :-) Regards -- Martin Humberto Hoz Salvador Information Security Consultant (ISS ICU, Check Point CCSE) Corporacion en Investigacion Tecnologica e Informatica, S.A. de C.V. Sendero Sur 285 Col. Contry, Monterrey, Nuevo Leon 64860, MEXICO Phone: +(52)(8) 357-2267 x135 Fax: +(52)(8) 357-8047 E-mail: mhoz () citi com mx WWW: http://www.citi.com.mx PGPKey ID: 0x0454E8D9 ICQ Number: 31631540 "Customer service is not a department... it's an attitude"
Current thread:
- [PEN-TEST] Informix Hyde, Mark (GEO) (Sep 28)
- Re: [PEN-TEST] Informix Hoz, Martin (Sep 28)
- <Possible follow-ups>
- Re: [PEN-TEST] Informix Curphey, Mark (ISS Atlanta) (Sep 28)
- Re: [PEN-TEST] Informix Craig, Scott (Sep 29)