Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File oracle-brute-stealth

Script types: portrule
Categories: intrusive, brute
Download: http://nmap.org/svn/scripts/oracle-brute-stealth.nse

User Summary

Exploits the CVE-2012-3137 vulnerability, a weakness in Oracle's O5LOGIN authentication scheme. The vulnerability exists in Oracle 11g R1/R2 and allows linking the session key to a password hash. When initiating an authentication attempt as a valid user the server will respond with a session key and salt. Once received the script will disconnect the connection thereby not recording the login attempt. The session key and salt can then be used to brute force the users password.

Script Arguments

oracle-brute-stealth.johnfile

- if specified the hashes will be written to this file to be used by JtR

oracle-brute-stealth.accounts

- a list of comma separated accounts to test

oracle-brute-stealth.sid

- the instance against which to perform password guessing

oracle-brute-stealth.nodefault

- do not attempt to guess any Oracle default accounts

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

Example Usage

nmap --script oracle-brute-stealth -p 1521 --script-args oracle-brute-stealth.sid=ORCL <host>

Script Output

PORT     STATE  SERVICE REASON
1521/tcp open  oracle  syn-ack
| oracle-brute-stealth:
|   Accounts
|     dummy:$o5logon$1245C95384E15E7F0C893FCD1893D8E19078170867E892CE86DF90880E09FAD3B4832CBCFDAC1A821D2EA8E3D2209DB6*4202433F49DE9AE72AE2 - Hashed valid or invalid credentials
|     nmap:$o5logon$D1B28967547DBA3917D7B129E339F96156C8E2FE5593D42540992118B3475214CA0F6580FD04C2625022054229CAAA8D*7BCF2ACF08F15F75B579 - Hashed valid or invalid credentials
|   Statistics
|_    Performed 2 guesses in 1 seconds, average tps: 2

Requires


Author: Dhiru Kholia

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault