Penetration Testing mailing list archives

[Suspected Spam]RE: Profiling a Networks Infrastructure

From: "Syed Khaden" <Syed () Secure-Bytes com>
Date: Thu, 25 Jun 2009 23:05:37 -0600

If you want to find oracle databases on the local network you should
consider using TNS ping  or SID tester this tool will send a custom packet
to the oracle listener to get oracle SID information from the database
server. Up to Oracle 9i R2 SID information could easily be retrieved by
intruder but since the release of 10g Oracle tried to hide this information.
One of the methods adapted by hackers is to try the SID is to send different
combinations of oracle database SID names and see if it matches the SID name
on the database server. Once you get the SID information you can run default
password attack or Brute Force Attack on the oracle server as you may know
that on most of the server Scott and DBSNMP are open 
Happy test.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Muhammad Farooq-i-Azam
Sent: Wednesday, June 24, 2009 1:43 AM
To: pma111
Cc: pen-test () securityfocus com
Subject: Re: Profiling a Networks Infrastructure



On Mon, Jun 22, 2009 at 08:18:50AM -0700, pma111 wrote:
# 
# Is there a specific tool or procedure you use when you want to "profile" a
# specific network. Namely, I would like to see what options somebody could
# use to identify every internal Oracle Database / Database Server that
# resides on the Network. Could this be done without tools by some kind of

You may use portscan tools like nmap to scan a network and identify
hosts which are running particular services. 

$ man nmap

# command line instruction, or would it require software installing on the
# network. Or is it no way near as simplistic as this, and even a user sat
# inside the network would need access to network documentation / diagrams
etc
# to identify a full list of all internal Oracle DB's / DB Servers. 
# 
# 



-- 
Muhammad Farooq-i-Azam

lists () chase org pk
http://www.chase.org.pk/

                                          {((((((
                                          /_  _  )
                                         ( .  .   )
                                          ( /   )
----------------------------------oOOo------------oOOo----------------
        THE LAST BUG
"But you're out of your mind,"              It still wasn't perfect,
They said with a shrug.                     As year followed year,
"The customer's happy;                      And strangers would comment,
What's one little bug?"                     "Is that guy still here?"
But he was determined.                      He died at the console,
The others went home.                       Of hunger and thirst.
He spread out the program,                  Next day he was buried,
Deserted, alone.                            Face down, nine-edge first.
The cleaning men came,                      And the last bug in sight,
The whole room was cluttered                An ant passing by,
With memory-dumps, punch cards.             Saluted his tombstone,
"I'm close," he muttered.                   And whispered, "Nice try."
The mumbling got louder,
Simple deduction,
"I've got it, it's right,
Just change one instruction."
----------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Profiling a Networks Infrastructure pma111 (Jun 22)
- Re: Profiling a Networks Infrastructure pand0ra (Jun 24)
- Re: Profiling a Networks Infrastructure Paul Melson (Jun 24)
  - Re: Profiling a Networks Infrastructure Adriel T. Desautels (Jun 24)
- Re: Profiling a Networks Infrastructure Muhammad Farooq-i-Azam (Jun 24)
  - [Suspected Spam]RE: Profiling a Networks Infrastructure Syed Khaden (Jun 26)
- Re: Profiling a Networks Infrastructure Phil Young (Jun 24)
  - RE: Profiling a Networks Infrastructure Tom Farrar (Jun 24)
- <Possible follow-ups>
- Re: Profiling a Networks Infrastructure lidlosesauge (Jun 26)