SIDGuesser

 

SIDGuesser is, as the name implies, a small command-line tool that tries to guess instance names (SIDs) for an Oracle database from a user-supplied dictionary. The tool is relatively slow (80-100 guesses per second), but it does the job.

 

Why do we need it?

The trouble with Oracle 10g and above is that the TNS Listener has a number of extra security features that prevent it from giving away certain status and service information (unlike Oracle 9i, which gave away everything ;-) ). The database enumeration tools oscanner and oat generally rely on interrogating the Oracle TNS listener to pick up the database SID; with this information they can then perform a brute-force/dictionary-based check of Oracle default user accounts, accounts with the same username as password, etc.

 

Generally, with 10g these two tools do not work unless a SID can be enumerated; in addition, the oscanner tool cannot have a SID manually assigned, leaving it pretty pointless for 10g usage! This new tool, when tried against both Oracle 9 and 10, did pick up the database SIDs. This information can then be supplied to the opwg tool in the oat suite by means of the -d option, and a breakout/check of user accounts will begin.

 

It is available from here.

 

Installation:

 

To install, simply download the tool and create your own custom word file of common database names.

 

Usage:

 

C:\Documents and Settings\hacker\Desktop\sid>SIDGuesser.exe

SIDGuesser v1.0.5 by patrik@cqure.net
-------------------------------------
SIDGuesser.exe -i <ip> -d <dictionary> [options]

options:
-p       <portnr> Use specific port (default 1521)
-r       <report> Report to file
-m       <mode> findfirst OR findall(default)

 

Expected Output:

Oracle 10g test:

 

C:\Documents and Settings\hacker\Desktop\sid>SIDGuesser.exe -i 192.168.0.223 -d words.txt

SIDGuesser v1.0.5 by patrik@cqure.net
-------------------------------------

Starting Dictionary Attack (<space> for stats, Q for quit) ...

FOUND SID: test

 

Oracle 9i test:

 

If you choose to save the results to a file, e.g. with C:\Documents and Settings\hacker\Desktop\sid>SIDGuesser.exe -i 192.168.0.67 -d words.txt -r results.txt, the contents of the file will look like:

 

SIDGuesser v1.0.5 by patrik@cqure.net
-------------------------------------
FOUND SID: DOCSDATA
FOUND SID: plsEXTPROC
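
From the defender's side, a dictionary run like the ones above appears in the listener log as a burst of refused connects for many different SIDs from a single client. The Python example below is added here and is not part of SIDGuesser or the original page; it assumes listener logging is enabled, that entries follow the usual listener.log layout, and that unknown-SID connects are recorded with return code 12505. The sample log lines and client addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

UNKNOWN_SID = "12505"  # TNS-12505: listener does not know the SID in the connect descriptor

def parse(line):
    """Split one listener.log connect entry into (time, client host, SID, return code)."""
    f = line.strip().split(" * ")
    if len(f) != 6 or f[3] != "establish":
        return None
    sid = re.search(r"\(SID=([^)]*)\)", f[1])
    host = re.search(r"\(HOST=([^)]+)\)", f[2])
    if not (sid and host):
        return None
    return datetime.strptime(f[0], "%d-%b-%Y %H:%M:%S"), host.group(1), sid.group(1), f[5]

def detect_sid_guessing(lines, window=timedelta(seconds=10), threshold=20):
    """Return {client: peak count of distinct unknown SIDs in any window} at/over threshold."""
    fails = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec[3] == UNKNOWN_SID:
            fails[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for host, events in fails.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            peak = max(peak, len({sid for _, sid in events[start:end + 1]}))
        if peak >= threshold:
            flagged[host] = peak
    return flagged

def sample_log():
    """Constructed sample: one client guessing ~90 SIDs/s, one client with a single typo."""
    fmt = ("{ts} * (CONNECT_DATA=(SID={sid})(CID=(PROGRAM=)(HOST=)(USER=))) * "
           "(ADDRESS=(PROTOCOL=tcp)(HOST={host})(PORT=40000)) * establish * {sid} * {code}")
    t0 = datetime(2024, 3, 14, 10, 15, 0)
    def line(sec, sid, host, code):
        ts = (t0 + timedelta(seconds=sec)).strftime("%d-%b-%Y %H:%M:%S").upper()
        return fmt.format(ts=ts, sid=sid, host=host, code=code)
    log = [line(i // 90, f"word{i}", "192.168.0.50", 12505) for i in range(200)]
    log += [line(1, "tset", "192.168.0.77", 12505), line(6, "test", "192.168.0.77", 0)]
    return log

if __name__ == "__main__":
    for host, peak in detect_sid_guessing(sample_log()).items():
        print(f"possible SID guessing from {host}: {peak} unknown SIDs within 10s")
```

Counting distinct SIDs rather than raw failures keeps a misconfigured client that retries one wrong SID from being flagged alongside a dictionary run.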

 

 
