Module XXIX
EC-Council
Database Penetration Testing
Step 1: Scan for Default Ports Used by the Database
Use port scanning tools such as Nmap to scan for the ports used by the database.
The following are the default ports used by different products such as Oracle Database or Oracle Application Server:
Copyright © by EC-Council
EC-Council All Rights reserved. Reproduction is strictly prohibited
Step 2: Scan for Non-Default Ports Used by the Database
The following are some other ports used by Oracle:
Service      Port   Notes
tlisrv       1527   -
coauthor     1529   -
oracle-em1   1748   -
oracle-em2   1754   -
Oracle-VP2   1808   -
Oracle-VP1   1809   -
Step 3: Identify the Instance Names Used by the Database
A database supports multiple instances, but only one instance can be the default instance.
Step 6: Sniff Database-Related Traffic on the Local Wire
Sniffing determines the number of database connections.
Step 7: Microsoft SQL Server Testing
Test for direct access interrogation
Brute-force the SA account
Step 8: Oracle Server Testing
Dictionary Attack Tools
Dictionary Attack Tool: Cain & Abel
Password recovery tool for Microsoft Operating Systems
Dictionary Attack Tool: SQLdict
SQLdict is a basic single-IP brute-force MS SQL Server password utility that can carry out a dictionary attack against a named SQL account.
The tool is simple to use: specify the IP address being attacked and the user account being tested, then load an appropriate wordlist via the Load Password File button.
Recap