Oracle RDBMS Login Utility
This module attempts to authenticate against an Oracle RDBMS instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options.
Rank
- Normal
Authors
- Patrik Karlsson < patrik [at] cqure.net >
- todb < todb [at] metasploit.com >
Vulnerability References
- http://www.oracle.com/us/products/database/index.html
- CVE-1999-0502
- http://nmap.org/nsedoc/scripts/oracle-brute.html
Development
Similar Modules
- auxiliary/scanner/oracle/emc_sid
- auxiliary/scanner/oracle/isqlplus_login
- auxiliary/scanner/oracle/isqlplus_sidbrute
- auxiliary/scanner/oracle/oracle_hashdump
- auxiliary/scanner/oracle/sid_brute
- auxiliary/scanner/oracle/sid_enum
- auxiliary/scanner/oracle/spy_sid
- auxiliary/scanner/oracle/tnslsnr_version
- auxiliary/scanner/oracle/xdb_sid
- auxiliary/scanner/oracle/xdb_sid_brute
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/scanner/oracle/oracle_login
msf auxiliary(oracle_login) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(oracle_login) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/scanner/oracle/oracle_login
msf auxiliary(oracle_login) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(oracle_login) > run
Module Options
| BLANK_PASSWORDS | Try blank passwords for all users (default: true) |
| BRUTEFORCE_SPEED | How fast to bruteforce, from 0 to 5 (default: 5) |
| NMAP_VERBOSE | Display nmap output (default: true) |
| PASSWORD | A specific password to authenticate with |
| PASS_FILE | File containing passwords, one per line |
| RHOSTS | The target address range or CIDR identifier |
| RPORTS | Ports to target |
| SID | The instance (SID) to authenticate against (default: XE) |
| STOP_ON_SUCCESS | Stop guessing when a credential works for a host |
| THREADS | The number of concurrent threads (default: 1) |
| USERNAME | A specific username to authenticate as |
| USERPASS_FILE | File containing (space-seperated) users and passwords, one pair per line (default: /home/svn/jobs/msf3/data/wordlists/oracle_default_userpass.txt) |
| USER_AS_PASS | Try the username as the password for all users (default: true) |
| USER_FILE | File containing usernames, one per line |
| VERBOSE | Whether to print output for all attempts (default: true) |
| MaxGuessesPerService | Maximum number of credentials to try per service instance. If set to zero or a non-number, this option will not be used. |
| MaxGuessesPerUser | Maximum guesses for a particular username for the service instance. Note that users are considered unique among different services, so a user at 10.1.1.1:22 is different from one at 10.2.2.2:22, and both will be tried up to the MaxGuessesPerUser limit. If set to zero or a non-number, this option will not be used. |
| MaxMinutesPerService | Maximum time in minutes to bruteforce the service instance. If set to zero or a non-number, this option will not be used. |
| REMOVE_PASS_FILE | Automatically delete the PASS_FILE on module completion |
| REMOVE_USERPASS_FILE | Automatically delete the USERPASS_FILE on module completion |
| REMOVE_USER_FILE | Automatically delete the USER_FILE on module completion |
| ShowProgress | Display progress messages during a scan |
| ShowProgressPercent | The interval in percent that progress should be shown |
| WORKSPACE | Specify the workspace for this module |