Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Oracle Security >> Oracle Internals >> Oracle username enumeration
(Message started by: Pete Finnigan on Nov 2nd, 2005, 12:06pm)

Title: Oracle username enumeration
Post by Pete Finnigan on Nov 2nd, 2005, 12:06pm
Hello,

I found it possible to remotely determine if a particular username is valid or not for a database instance. In order to do this i use the oracle client libraries.
I wrote a tool that seems to work against oracle 9 and 10.

I wondered about releasing that tool. Is there a public tool already out there doing this?

Title: Re: Oracle username enumeration
Post by Pete Finnigan on Nov 2nd, 2005, 4:36pm
Bartavelle,

I'm not aware of such a tool. Did you look at the tools
collection of Pete (http://www.petefinnigan.com/tools.htm)?

regards,

Ivan

Title: Re: Oracle username enumeration
Post by Pete Finnigan on Nov 2nd, 2005, 4:56pm
I did. I might publish that tool although it only work on linux x86 and needs the oracle client libs in a few weeks if i can't find evidence it has been done before ...

Title: Re: Oracle username enumeration
Post by Pete Finnigan on Apr 4th, 2006, 10:18pm
Yes, it s possible even without using cli. libs. None released it. Take care.



Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board