I was a student in David Litchfield's Breakable course at Black Hat Training this year. It was a great class and we learned numerous techniques for elevating our privileges from a relatively non-privileged user to DBA. I'm back at work now trying to determine our vulnerability level and so far I've been stumped at every turn. I went to our DBAs and asked them to give me an account on a test system. They asked me what rights I wanted and I told them nothing special. What I have is: SQL> select * from session_privs; PRIVILEGE ---------------------------------------- CREATE SESSION ALTER SESSION CREATE TABLE CREATE CLUSTER CREATE SYNONYM CREATE VIEW CREATE SEQUENCE CREATE DATABASE LINK 8 rows selected. SQL> Many of the exploits we were shown relied on creating procedures or triggers. Naturally, I don't have sufficient rights to go down that path. I've spent the better half of the day today reading all he docs I can find to look for other methods. I've tried most of the default username/password lists that I can find and that too is a dead end. I suspect there's something I'm missing and was wondering if anyone on the list could point me in a new direction. Thanks in advance.