Penetration Testing mailing list archives
[PEN-TEST] hacking oracle questions
From: anindya <anindya () GOONDA ORG>
Date: Wed, 29 Nov 2000 21:17:35 -0500
Hi folks, I have some questions about hacking Oracle, specifically version 7.x or 8.x. I have a DBA access account, and can query the SYS.* tables no problem. I also have access to the tnsnames.ora file, so I know the SIDs and where the listeners are. I should mention the target is on an NT 4.0 box. 1) How do I discover what table names exist in a particular Oracle database i.e. the schema? Once I have the table names, I can use the "describe" command in svrmgrl to get the columns in the table , but apparently there is no easy way to get the table names themselves.. 2) It appears I may need to use the Schema Editor (java interface), but it doesn't appear that the username/password there match up with any user accounts in Oracle. What is the relationship between the accounts for the java interface versus actual Oracle accounts (accessible through sqlplus)? 3) The field I want is apparently using Oracle's field-level encryption, this is commonly used for credit card numbers and the like, does anyone have experience decrypting this? This is the only hacking oracle info I have found on the net so far, its quite useful: http://www.wittys.com/files/vvandal/ Any help would be appreciated, thanks, --Anindya
Current thread:
- [PEN-TEST] hacking oracle questions anindya (Dec 01)
- Re: [PEN-TEST] hacking oracle questions Edwards, Steve (Dec 01)
- Re: [PEN-TEST] hacking oracle questions Ryan Russell (Dec 01)
- Re: [PEN-TEST] hacking oracle questions William D. Colburn (aka Schlake) (Dec 01)
- Re: [PEN-TEST] hacking oracle questions Talisker (Dec 01)
- <Possible follow-ups>
- Re: [PEN-TEST] hacking oracle questions Hull, Dave (Dec 01)
- Re: [PEN-TEST] hacking oracle questions Michael Owen (Dec 01)