Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

File oracle-enum-users

Script types: portrule
Categories: intrusive, auth
Download: http://nmap.org/svn/scripts/oracle-enum-users.nse

User Summary

Attempts to enumerate valid Oracle user names against unpatched Oracle 11g servers (this bug was fixed in Oracle's October 2009 Critical Patch Update).

Script Arguments

oracle-enum-users.sid

the instance against which to attempt user enumeration

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

Example Usage

nmap --script oracle-enum-users --script-args oracle-enum-users.sid=ORCL,userdb=orausers.txt -p 1521-1560 <host>

If no userdb is supplied the default userlist is used

Script Output

PORT     STATE SERVICE REASON
1521/tcp open  oracle  syn-ack
| oracle-enum-users:
|   haxxor is a valid user account
|   noob is a valid user account
|_  patrik is a valid user account

The get_random_string function was stolen from Ron's smb code

Requires


Author: Patrik Karlsson

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]