This whitepaper is a result of our research in Oracle security and guessing Oracle database SID. In this document I collected all well-known public information about SID guessing and added new techniques which had been succerfully tested during our security audits.
Nowadays there is a lot of public information about Oracle security and a different vulnerabilities that hacker can use to get access to database. Many of these steps are good explained in public resources and in my paper "Oracle database security". Default user accounts are a big known problem and there are many information about it. As for vulnerabilities there are only 10 percent of DBA's regularly installing Critical Patch Updates. Access to OS files and shell can be done using many different techniques such as Extproc, Java, DBMS_JOB, UTL_FILE, DBMS_LOB and others. As for rootkits and cleaningaudit data, in this area hackers are one step behind DBA's. In this information about Oracle security there is one areathat is not so good explained as others. I am talking about getting Oracle SID. Without knowing Oracle database SID attacker cannot get access to database even if he know username and password. With Oracle 10g getting database SID is not so trivial as before. That's why i decided to research this area and write this document as a result of my researching. In this whitepaper i collect all ways to get database SID and add some new techniques.
Different ways to guess Oracle database SID, (1118 KB)