Red-Database-Security GmbH ist Spezialist für Oracle Security

Produkte
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Dienstleistungen
Oracle Audit / Hardening (Härten)
Security Schulungen
Consulting

Informationen
Oracle Sicherheit Blog
Veröffentlichte Alerts RSS Published Alerts
Gemeldete Alerts RSS Upcoming Alerts
Patch Informationen
Whitepaper
Präsentationen
Fakten
Exploits
Tutorials
Videos
Skripte

Neuigkeiten/Termine
Termine
Neuigkeiten

Firma
Kontakt
Mitarbeiter
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
How to guess Oracle SIDs

If you connect to an Oracle database you must specify a SID. If the Oracle SID is correct your login request is forwarded to the database. If the SID is incorrext you are getting the following error message ("ORA-12505: TNS:listener does not currently know of SID given in connect descriptor").

This can be used to brute force Oracle SIDs. For a list of default SID see Oracle Default SID


If you are interesting in a free version of sidguess, please send me an email.

Sidguess checks 190 SIDs per second. (approx. 3 hours for all SIDs length, 4 days for all SIDs length 5)



Usage of sidguess:

C:\> sidguess host=xp10104 port=1521 sidfile=sid.txt
Sidguess 1.00 - (c) 2006 by Red-Database-Security GmbH
Oracle Security Consulting, Security Audits & Security Trainings
http://www.red-database-security.com


SID found: XE




References



© 2006 by Red-Database-Security GmbH - last update 19-jan-2006