202 CHAPTER 5 Hacking database services FIGURE 5.7 MSSQL Bruter Options. inputting the target account name and IP(s). There are also options to cover addi- tional scenarios such as using a larger brute-force dictionary, adding an adminis- trative account to a vulnerable system, or sending raw SQL commands. The results of this basic attack are shown in Fig. 5.8. As you can see in Fig. 5.8, we have successfully compromised the "sa" account using the smaller dictionary and have the ability to interact with the remote server. By selecting the server number, we have a number of options available to us including the use of a standard command prompt or a variety of Metasploit tools such as reverse VNC or Meterpreter. Using these tools, you can then further your penetration testing activities on the remote MS SQL Server. 5.4 ORACLE DATABASE MANAGEMENT SYSTEM The second RDBMS we will take a look at is the Oracle database management system. This RDBMS is typically just referred to as "Oracle" but that can some- times lead to confusion as the Oracle corporation owns a substantial number of products and since merging with Sun Microsystems, now also owns the MySQL RDBMS. 5.4.1 Oracle users Several default user accounts are created during Oracle database management system installation. At least 14 default users are created in version 10g, but that number can exceed 100 if you install an older version of Oracle. This is important