Penetration Testing mailing list archives

Re: [PEN-TEST] Informix


From: "Hoz, Martin" <mhoz () CITI COM MX>
Date: Thu, 28 Sep 2000 10:54:38 -0500

The first thing that comes to my mind is to try to use
"informix:informix" as username and password at
the UNIX login prompt...

Other issue: try to sniff the informix user password.
;-) (Only possible, of course, if they don't have any
encryption technology in place).

I don't know about any automated tool like DBScanner
for Informix, but I was a Junior DBA a few years ago.
And if you have access to the informix account, you
can modify configuration (~/etc/onconfig), you may be
able to edit default dbspaces (dbaccess), shut down
databases (onstat) and such kind of things...

Very similar to the oracle account for ORACLE databases.

This may not be the answer you're looking for, but I
hope this helps in any way. :-)

Regards

--
Martin Humberto Hoz Salvador
Information Security Consultant (ISS ICU, Check Point CCSE)
Corporacion en Investigacion Tecnologica e Informatica, S.A. de C.V.
Sendero Sur  285  Col. Contry,  Monterrey,  Nuevo Leon 64860, MEXICO
Phone: +(52)(8) 357-2267 x135   Fax: +(52)(8) 357-8047
E-mail: mhoz () citi com mx        WWW:  http://www.citi.com.mx
PGPKey ID: 0x0454E8D9           ICQ Number: 31631540

"Customer service is not a department... it's an attitude"

