Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Oracle Security >> Oracle Security >> SID & Oracle 10?
(Message started by: Pete Finnigan on Sep 28th, 2007, 1:33pm)

Title: SID & Oracle 10?
Post by Pete Finnigan on Sep 28th, 2007, 1:33pm
Hi

I'm tasked with security testing a new Oracle 10 database and am concerned that the SID may not be in any dictionary file of current tools such as sidguess. Has anyone used the brute force method successfully - I found the win version generated an error about couldn't find file when I used it in my test environment despite having the Oracle client installed (& therefore the oci.dll). A version on a Linux sec cd using the option broot= returned nothing even when used against a 2 character sid.

I'd be interested in whether anyone else has used the tool successfully

Many thanks


Title: Re: SID & Oracle 10?
Post by Pete Finnigan on Oct 1st, 2007, 11:25pm
Hi

I just uploaded a corrected version of sidguess for Windows. This version is now working with brute force too...
-----------------------------------------
Usage of sidguess: (dictionary mode)

C:\> sidguess host=xp10104 port=1521 sidfile=sid.txt
Sidguess 1.02 - (c) 2006-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Training



SID found: XE
-----------------------------------------


-----------------------------------------
Usage of sidguess: (brute force mode)

C:\> sidguess host=xp10104 port=1521 brute=4
Sidguess 1.02 - (c) 2006-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Training



SID found: TDE
-----------------------------------------


sidguess 1.0.2 is available from the following URL:


Regards

Alexander Kornbrust
--


Title: Re: SID & Oracle 10?
Post by Pete Finnigan on Oct 2nd, 2007, 8:29am
Thanks for the news of the update Alex.

cheers

Pete

Title: Re: SID & Oracle 10?
Post by Pete Finnigan on Oct 2nd, 2007, 1:13pm
That's great

Many thanks!


