Red-Database-Security GmbH is specialized in Oracle SecurityProductsRepscan 2.5 Hedgehog Enterprise Checkpwd (free)
Services
Information
Company |
How to guess Oracle SIDs If you connect to an Oracle database you must specify a SID. If the Oracle SID is correct your login request is forwarded to the database. If the SID is incorrext you are getting the following error message ("ORA-12505: TNS:listener does not currently know of SID given in connect descriptor"). This can be used to brute force Oracle SIDs. For a list of default SID see Oracle Default SID Sidguess checks 190 SIDs per second. (approx. 3 hours for all SIDs length, 4 days for all SIDs length 5) Usage of sidguess: (dictionary mode) C:\> sidguess host=xp10104 port=1521 sidfile=sid.txt Sidguess 1.02 - (c) 2006-2007 by Red-Database-Security GmbH Oracle Security Consulting, Security Audits & Security Training http://www.red-database-security.com SID found: XE Usage of sidguess: (brute force mode) C:\> sidguess host=xp10104 port=1521 brute=4 Sidguess 1.02 - (c) 2006-2007 by Red-Database-Security GmbH Oracle Security Consulting, Security Audits & Security Training http://www.red-database-security.com SID found: TDE References
© 2006-2008 by Red-Database-Security GmbH - last update 8-may-2008 |