RE: Oracle8i

[Jonathan Rickman <jonathan () xcorps net>]

In addition to oracle/oracle at the OS level. sys / change_on_install is
the default at the DB level. That one's usually changed but the other
(system / manager) is sometimes forgotten.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net

On Mon, 2 Jul 2001, Andrew van der Stock wrote:

> The Oracle 8 listener is always in the news. I'd suggest there. See Covert
> Lab's posts from June 26.
>
> But realistically, try oracle / oracle at the login prompt. You will be
> surprised how often that works.
>
> Never forget the OS the thing runs on, look at seeing if you can sniff the
> network - dba tools are notorious for leaking credentials left right and
> center.
>
> See if you can find installation doco for any clients, or do some social
> engineering to get a client installed on a pre-rigged workstation. That will
> help you try a few different escalation attacks.
>
> Andrew
>
> -----Original Message-----
> From: INA (V. Brahmanandam) [mailto:BrahmanandamV () emiratesbank com]
> Sent: Monday, 2 July 2001 15:17
> To: 'PEN-TEST () SECURITYFOCUS COM'
> Subject: Oracle8i
>
>
> Hi all,
>
> Has any one in this group had a chance to pen-test Oracle 8i running on  Net
> 8 network.
>
>
> --------------------------------------------------------------------------------------
>
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
> For more information on SecurityFocus' SIA service which automatically alerts you to
> the latest security vulnerabilities please see:
>
> https://alerts.securityfocus.com/


--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/