Penetration Testing mailing list archives
[Suspected Spam]RE: Profiling a Networks Infrastructure
From: "Syed Khaden" <Syed () Secure-Bytes com>
Date: Thu, 25 Jun 2009 23:05:37 -0600
If you want to find oracle databases on the local network you should consider using TNS ping or SID tester this tool will send a custom packet to the oracle listener to get oracle SID information from the database server. Up to Oracle 9i R2 SID information could easily be retrieved by intruder but since the release of 10g Oracle tried to hide this information. One of the methods adapted by hackers is to try the SID is to send different combinations of oracle database SID names and see if it matches the SID name on the database server. Once you get the SID information you can run default password attack or Brute Force Attack on the oracle server as you may know that on most of the server Scott and DBSNMP are open Happy test. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Muhammad Farooq-i-Azam Sent: Wednesday, June 24, 2009 1:43 AM To: pma111 Cc: pen-test () securityfocus com Subject: Re: Profiling a Networks Infrastructure On Mon, Jun 22, 2009 at 08:18:50AM -0700, pma111 wrote: # # Is there a specific tool or procedure you use when you want to "profile" a # specific network. Namely, I would like to see what options somebody could # use to identify every internal Oracle Database / Database Server that # resides on the Network. Could this be done without tools by some kind of You may use portscan tools like nmap to scan a network and identify hosts which are running particular services. $ man nmap # command line instruction, or would it require software installing on the # network. Or is it no way near as simplistic as this, and even a user sat # inside the network would need access to network documentation / diagrams etc # to identify a full list of all internal Oracle DB's / DB Servers. # # -- Muhammad Farooq-i-Azam lists () chase org pk http://www.chase.org.pk/ {(((((( /_ _ ) ( . . ) ( / ) ----------------------------------oOOo------------oOOo---------------- THE LAST BUG "But you're out of your mind," It still wasn't perfect, They said with a shrug. As year followed year, "The customer's happy; And strangers would comment, What's one little bug?" "Is that guy still here?" But he was determined. He died at the console, The others went home. Of hunger and thirst. He spread out the program, Next day he was buried, Deserted, alone. Face down, nine-edge first. The cleaning men came, And the last bug in sight, The whole room was cluttered An ant passing by, With memory-dumps, punch cards. Saluted his tombstone, "I'm close," he muttered. And whispered, "Nice try." The mumbling got louder, Simple deduction, "I've got it, it's right, Just change one instruction." ---------------------------------------------------------------------- ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Profiling a Networks Infrastructure pma111 (Jun 22)
- Re: Profiling a Networks Infrastructure pand0ra (Jun 24)
- Re: Profiling a Networks Infrastructure Paul Melson (Jun 24)
- Re: Profiling a Networks Infrastructure Adriel T. Desautels (Jun 24)
- Re: Profiling a Networks Infrastructure Muhammad Farooq-i-Azam (Jun 24)
- [Suspected Spam]RE: Profiling a Networks Infrastructure Syed Khaden (Jun 26)
- Re: Profiling a Networks Infrastructure Phil Young (Jun 24)
- RE: Profiling a Networks Infrastructure Tom Farrar (Jun 24)
- <Possible follow-ups>
- Re: Profiling a Networks Infrastructure lidlosesauge (Jun 26)