Here is a sample session of running these scripts to show you how the tools work. The test was run against a 9.2.0.1 database on Windows XP.
Connected to:
Personal Oracle9i Release 9.2.0.1.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.1.0 - Production
SQL> @\petefinnigan.com\password\marcel-jan\osp_exec.sql
*********************************************
* *
* Welcome to the Oracle Security Probe *
* *
*********************************************
Connectstring (destination database): sans
Password of oraprobe?: ********
Connected.
Oracle accounts with default passwords
======================================
Username: SYS
Password: CHANGE_ON_INSTALL
-----------------------------------------------
WARNING! The password of SYS is a default password.
It is well known to hackers
Additional information:
SYS is Oracle's most powerful database management account.
It allows to read,change and destroy all data in your database.
Username: SYSTEM
Password: MANAGER
-----------------------------------------------
WARNING! The password of SYSTEM is a default password.
It is well known to hackers
Additional information:
SYSTEM is Oracle's database management account.
It allows to read, change and destroy all data in your database.
Username: SCOTT
Password: TIGER
-----------------------------------------------
WARNING! The password of SCOTT is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: DBSNMP
Password: DBSNMP
-----------------------------------------------
WARNING! The password of DBSNMP is a default password.
It is well known to hackers
Additional information:
DBSNMP is an account for the Oracle Intelligent Agent.
Under certain circumstances it allows to read passwords from memory.
Username: QS_ES
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED(TIMED)
-----------------------------------------------
WARNING! The password of QS_ES is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: WMSYS
Password: WMSYS
Status: LOCKED
-----------------------------------------------
WARNING! The password of WMSYS is a default password.
It is well known to hackers
Additional information:
Username: ORDSYS
Password: ORDSYS
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of ORDSYS is a default password.
It is well known to hackers
Additional information:
The account ORDSYS (Oracle Time Series) has a limited number of
risky system privileges, amongst which those to use external
libraries and run code on the operating system.
Username: ORDPLUGINS
Password: ORDPLUGINS
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of ORDPLUGINS is a default password.
It is well known to hackers
Additional information:
ORDPLUGINS is an administrative account for Oracle Time Series.
Username: MDSYS
Password: MDSYS
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of MDSYS is a default password.
It is well known to hackers
Additional information:
The account MDSYS (Oracle Spatial administrator) has DBA-like
privileges, which allow to read, change and destroy all data
in your database.
Username: CTXSYS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of CTXSYS is a default password.
It is well known to hackers
Additional information:
CTXSYS (Oracle Text/Intermedia Text/Context option) is
an account with DBA privileges and therefor allows to read,
change and destroy all data in your database.
Username: XDB
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of XDB is a default password.
It is well known to hackers
Additional information:
Username: WKSYS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of WKSYS is a default password.
It is well known to hackers
Additional information:
WKSYS is an administrative account of Oracle9iAS Ultrasearch.
Username: WKPROXY
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of WKPROXY is a default password.
It is well known to hackers
Additional information:
WKPROXY is an administrative account of Oracle9iAS Ultrasearch.
Username: ODM
Password: ODM
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of ODM is a default password.
It is well known to hackers
Additional information:
Username: ODM_MTR
Password:
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of ODM_MTR is a default password.
It is well known to hackers
Additional information:
Username: OLAPSYS
Password: MANAGER
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of OLAPSYS is a default password.
It is well known to hackers
Additional information:
OLAPSYS is an administrative account for the OLAP Services option.
Username: RMAN
Password: RMAN
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of RMAN is a default password.
It is well known to hackers
Additional information:
RMAN is an account for the Oracle Recovery Manager.
This account might be misused to write unwanted changes
to the database to the backups.
Username: QS_CS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_CS is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: QS_CB
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_CB is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: QS_CBADM
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_CBADM is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: QS_OS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_OS is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: HR
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of HR is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: OE
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of OE is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: PM
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of PM is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: SH
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of SH is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: QS_ADM
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_ADM is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: QS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
Username: QS_WS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_WS is a default password.
It is well known to hackers
Additional information:
This is a training account. It should not be available
in a production environment.
SQL>
No comments:
Post a Comment