This whitepaper is a result of our research in Oracle security and guessing Oracle database SID. In this document I collected all well-known public information about SID guessing and added new techniques which had been succerfully tested during our security audits.
Author: Alexandr Polyakov
Nowadays there is a lot of public information about Oracle security and different vulnerabilities that hacker can use to get access to the database. Many of these steps are good explained in public resources and in my paper «Oracle database security». Default user accounts are a big known problem, there are many information about it. As for vulnerabilities, there are only 10 percent of DBA’s regularly installing Critical Patch Updates. Access to OS files and shell can be obtained using many different techniques such as Extproc, Java, DBMS_JOB, UTL_FILE, DBMS_LOB and others. As for rootkits and cleaning-audit data, in this field hackers are one step behind DBA’s. In this information about Oracle security there is one part that is not very good explained as the others. I’m talking about getting Oracle SID. Without knowing Oracle database, SID attacker cannot get access to the database even if he knows username and password. With Oracle 10g getting database SID is not so trivial as before. That’s why I’ve decided to research this area and write this document as a result of my researching. In this whitepaper I’ve collected all the ways to get the database SID and add some new techniques.Different ways to guess Oracle database SID.pdf