Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

File oracle-brute

Script types: portrule
Categories: intrusive, brute
Download: http://nmap.org/svn/scripts/oracle-brute.nse

User Summary

Performs brute force password auditing against Oracle servers.

Running it in default mode it performs an audit against a list of common Oracle usernames and passwords. The mode can be changed by supplying the argument oracle-brute.nodefault at which point the script will use the username- and password- lists supplied with Nmap. Custom username- and password- lists may be supplied using the userdb and passdb arguments. The default credential list can be changed too by using the brute.credfile argument. In case the userdb or passdb arguments are supplied, the script assumes that it should run in the nodefault mode.

In modern versions of Oracle password guessing speeds decrease after a few guesses and remain slow, due to connection throttling.

WARNING: The script makes no attempt to discover the amount of guesses that can be made before locking an account. Running this script may therefor result in a large number of accounts being locked out on the database server.

Script Arguments

oracle-brute.sid

- the instance against which to perform password guessing

oracle-brute.nodefault

- do not attempt to guess any Oracle default accounts

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

Example Usage

nmap --script oracle-brute -p 1521 --script-args oracle-brute.sid=ORCL <host>

Script Output

PORT     STATE  SERVICE REASON
1521/tcp open  oracle  syn-ack
| oracle-brute:
|   Accounts
|     system:powell => Account locked
|     haxxor:haxxor => Valid credentials
|   Statistics
|_    Perfomed 157 guesses in 8 seconds, average tps: 19

Requires


Author: Patrik Karlsson

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]