Vulnerability Development mailing list archives

Re: Oracle

From: romeo () EMERALD-NET DEMON CO UK (Shashi Dookhee)
Date: Mon, 31 Jan 2000 07:27:21 -0000


Um, why exactly was this message allowed to go through?  Help someone not
get caught entering a system without authorisation?  C'mon, be serious...
As a Systems Administrator, I take offence to this! :)  I mean, this guy
obviously doesnt even know much about computing since he dont even know what
type of network he's on (for sure)... Sort it out, B-Boar ;)

Thanx:)

Mr Shashi Dookhee
UNIX Programmer/Senior Systems Administrator
Traffic Interactive Ltd

Tel:      (020) 7616 9039         Fax:  (020) 7616 9030
ISDN:  (020) 7616 9002          Mobile:  07803 760 315
Email:  shashi () traffic co uk   Web:  http://www.traffic.co.uk

-----Original Message-----
From: liberal world <berkandny () HOTMAIL COM>
To: VULN-DEV () SECURITYFOCUS COM <VULN-DEV () SECURITYFOCUS COM>
Date: 31 January 2000 08:19
Subject: Oracle

Hello everybody!
I know that a Data Base Administrator (DBA) can monitor my accessing an
Oracle program in a LANetwork(number of users between 50-100), because I
tested it somehow... In our LAN, entering Windows Networking is realized by
writing User Name, Password and Domain name in a window.I guess that

Windows

NT is used in the LAN because
"Log On To Windows NT Domain" section is selected in the Client for
Microsoft Networks Properties window.My computer uses Windows 95.

2>Some time ago, I had luckily managed to get the DBA's user name and
Password

that were used in Oracle based programs and I freely accessed every oracle
programs since then. After several days past, the DBA changed the Oracle
password (of course, this is not surprising!) Probably, he must have taken

look at some kind of  list showing who has entered which oracle program and
that should
have allowed him to easily discover my unathorized accesses :)
Now I once again got the new DBA password (thanks to a friend who is expert
at reading what is typed in the keyboard!) but, this time I don't want to

so

easily get caught, so I think of a way to enter the program without being
discovered, but don't know how to do it.
So can anyone give information about it? :)
Any info you will give is welcome. Thanks...

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

Current thread:

Re: Oracle Shashi Dookhee (Jan 30)
- Re: Oracle (aiding and abetting) Blue Boar (Feb 01)
- <Possible follow-ups>
- Re: Oracle Lars Roeglin (Jan 31)