Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
How to guess Oracle SIDs

If you connect to an Oracle database you must specify a SID. If the Oracle SID is correct your login request is forwarded to the database. If the SID is incorrext you are getting the following error message ("ORA-12505: TNS:listener does not currently know of SID given in connect descriptor").

This can be used to brute force Oracle SIDs. For a list of default SID see Oracle Default SID


Sidguess checks 190 SIDs per second. (approx. 3 hours for all SIDs length, 4 days for all SIDs length 5)



Usage of sidguess: (dictionary mode)

C:\> sidguess host=xp10104 port=1521 sidfile=sid.txt
Sidguess 1.02 - (c) 2006-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Training
http://www.red-database-security.com


SID found: XE



Usage of sidguess: (brute force mode)


C:\> sidguess host=xp10104 port=1521 brute=4
Sidguess 1.02 - (c) 2006-2007 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Training
http://www.red-database-security.com


SID found: TDE




References



© 2006-2008 by Red-Database-Security GmbH - last update 8-may-2008