Script `oracle-enum-users`

Script types: portrule
Categories: intrusive, auth
Download: https://svn.nmap.org/nmap/scripts/oracle-enum-users.nse

Script Summary

Attempts to enumerate valid Oracle user names against unpatched Oracle 11g servers (this bug was fixed in Oracle's October 2009 Critical Patch Update).

Script Arguments

oracle-enum-users.sid: the instance against which to attempt user enumeration
tns.sid: See the documentation for the tns library.
passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb: See the documentation for the unpwdb library.

Example Usage

nmap --script oracle-enum-users --script-args oracle-enum-users.sid=ORCL,userdb=orausers.txt -p 1521-1560 <host>

If no userdb is supplied the default userlist is used

Script Output

PORT     STATE SERVICE REASON
1521/tcp open  oracle  syn-ack
| oracle-enum-users:
|   haxxor is a valid user account
|   noob is a valid user account
|_  patrik is a valid user account

Requires

Author:

Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html

Script oracle-enum-users

Script Summary

Script Arguments

Example Usage

Script Output

Requires

Script `oracle-enum-users`