Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Script oracle-brute doesn't find passwords #1475

Open
buden opened this Issue Feb 15, 2019 · 0 comments

Comments

Projects
None yet
1 participant
@buden
Copy link

buden commented Feb 15, 2019

Nmap latest stable version (7.70) for Windows (10x64) detects working oracle db server, but does not print out any found credentials. The 'oracle-default-credentials.lst' file contains correct username/password. The older Nmap (6.40) works fine.
Command:

nmap -p 1521 --script oracle-brute --script-args oracle-brute.sid=<instance> <host>

Nmap 7.70 output:

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 13:05 Russia TZ 2 Standard Time
Nmap scan report for <host>
Host is up (0.00088s latency).

PORT     STATE SERVICE
1521/tcp open  oracle
MAC Address: 00:00:00:00:00:00 (Microsoft)

Nmap done: 1 IP address (1 host up) scanned in 2.53 seconds

Nmap 6.40 output:

Starting Nmap 6.40 ( http://nmap.org ) at 2019-02-15 13:13 Russia TZ 2 Standard Time
Nmap scan report for <host>
Host is up (0.00s latency).
PORT     STATE SERVICE
1521/tcp open  oracle
| oracle-brute: 
|   Accounts
|     <username> as sysdba:<password> - Valid credentials
|   Statistics
|_    Performed 15 guesses in 1 seconds, average tps: 15
MAC Address: 00:00:00:00:00:00 (Microsoft)

Nmap done: 1 IP address (1 host up) scanned in 5.19 seconds
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.