[PEN-TEST] hacking oracle questions

[anindya <anindya () GOONDA ORG>]

Hi folks,

        I have some questions about hacking Oracle, specifically
version 7.x or 8.x. I have a DBA access account, and can query
the SYS.* tables no problem. I also have access to the tnsnames.ora
file, so I know the SIDs and where the listeners are. I should
mention the target is on an NT 4.0 box.

1) How do I discover what table names exist in a particular Oracle database
   i.e. the schema? Once I have the table names, I can use the
   "describe" command in svrmgrl to get the columns in the
   table , but apparently there is no easy way to get the
   table names themselves..

2) It appears I may need to use the Schema Editor (java interface),
   but it doesn't appear that the username/password there match
   up with any user accounts in Oracle. What is the relationship
   between the accounts for the java interface versus actual
   Oracle accounts (accessible through sqlplus)?

3) The field I want is apparently using Oracle's field-level
   encryption, this is commonly used for credit card numbers
   and the like, does anyone have experience decrypting this?

This is the only hacking oracle info I have found on the net
so far, its quite useful:

http://www.wittys.com/files/vvandal/

Any help would be appreciated, thanks,
--Anindya