Files used for penetration tests

Penetration test policies use username and password information stored in a set of text files to assess databases.

For the Dictionary pen test policy, FortiDB allows you to select a password dictionary text file to use instead of the default dictionary.

In addition, if you are using the software version of FortiDB, you can customize the other pentest policy text files. The custom files allow you to specify the usernames and passwords to use in the test instead of testing all database usernames. These files are <dbtype>default.txt and <dbtype>user.txt, where <dbtype> specifies the type of database using one of the following strings:

  • ora for Oracle
  • sql for MS-SQL
  • db2 for DB2
  • syb for Sybase
  • mysql for MySQL

If you are using either the appliance or software version of FortiDB, you can use the Assessment properties to select an alternative password dictionary file. However, appliance version users cannot access or change the default dictionary.txt, <dbtype>default.txt and <dbtype>user.txt files.

| Policy name | File | Content evaluated |
|---|---|---|
| Default Password | <dbtype>default.txt | All the username-password pairs in the file. The values in <dbtype>default.txt represent system accounts that ship with an RDBMS and their default passwords. For example, for Oracle, SYS, SYSTEM, and SCOTT, and for Microsoft SQL, SA. |
| Dictionary | <dbtype>user.txt, dictionary.txt | The pairing of each username in the <dbtype>user.txt file with every password in the dictionary.txt file. Note: When FortiDB executes the pentest Dictionary policy, it automatically adds the domain name to the password list. |
| Number Following Username | <dbtype>user.txt | The pairing of usernames in the file with a password created by adding one or more numbers to the end of the username. |
| Same as Username | <dbtype>user.txt | The pairing of usernames in the file with a password that is the same as the username. |
| Username Following Number | <dbtype>user.txt | The pairing of usernames in the file with a password created by adding one or more numbers to the beginning of the username. |
| Username Reversed | <dbtype>user.txt | The pairing of usernames in the file with a password created by spelling the username backwards. |
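
The policies listed above can be mirrored on the defensive side as a password-change check that rejects any password one of them would guess. The following is an added example, not FortiDB code: the function names, the sample lists, the case-insensitive comparison and the reading of "numbers" as digits are all assumptions of this example.

```python
import re

def matching_pentest_policy(username, password, defaults=(), dictionary=(), domain=None):
    """Return the name of the first policy above whose guesses include this
    username/password pair, or None when none of them would guess it."""
    if not username:
        raise ValueError("username is required")
    # Assumption: case-insensitive comparison, the stricter choice for a
    # rejection rule. The page does not say how FortiDB treats case.
    u, p = username.casefold(), password.casefold()

    # Default Password: exact username-password pairs (<dbtype>default.txt).
    if (u, p) in {(du.casefold(), dp.casefold()) for du, dp in defaults}:
        return "Default Password"
    # Dictionary: every dictionary.txt entry, plus the domain name that the
    # Dictionary policy adds to the password list.
    words = {w.casefold() for w in dictionary}
    if domain:
        words.add(domain.casefold())
    if p in words:
        return "Dictionary"
    if p == u:
        return "Same as Username"
    if p == u[::-1]:
        return "Username Reversed"
    # "One or more numbers" is read here as one or more digits (assumption).
    if re.fullmatch(re.escape(u) + r"\d+", p):
        return "Number Following Username"
    if re.fullmatch(r"\d+" + re.escape(u), p):
        return "Username Following Number"
    return None

def audit(accounts, **lists):
    """Map each username to the policy that would guess its password."""
    return {user: matching_pentest_policy(user, pw, **lists) for user, pw in accounts}

# Constructed sample data: not real defaults, not FortiDB's shipped files.
SAMPLE_LISTS = {
    "defaults": [("SCOTT", "placeholder-default")],
    "dictionary": ["welcome", "changeme"],
    "domain": "corp.example",
}

if __name__ == "__main__":
    accounts = [("scott", "placeholder-default"), ("appsvc", "appsvc2024"),
                ("report", "troper"), ("etl", "t9#Lq-vR!x2")]
    for user, policy in audit(accounts, **SAMPLE_LISTS).items():
        print(f"{user}: {policy or 'not guessed by these policies'}")
```
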