Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bruteforce. Oracle database. The service seems to have failed or is heavily firewalled #2010

Closed
kemanik opened this issue Apr 17, 2020 · 3 comments
Assignees
Labels

Comments

@kemanik
Copy link

@kemanik kemanik commented Apr 17, 2020

nmap -sT -p 1521 -d -Pn -e eth4 --script oracle-brute --script-args "unpwdb.timelimit=3h,oracle-brute.sid=UPGR,userdb=C:\Users\rag\Downloads\usernames.lst,passdb=C:\Users\rag\Downloads\passwords.lst" 192.168.1.102

In oracle password brute force scanning there are a lot of errors like this:

NSE: oracle-brute against 192.168.1.102:1521 threw an error!
C:\Program Files (x86)\Nmap/nselib/tns.lua:1278: attempt to call a nil value (method 'len')
stack traceback:
C:\Program Files (x86)\Nmap/nselib/tns.lua:1278: in field 'unmarshalKvpComponent'
C:\Program Files (x86)\Nmap/nselib/tns.lua:1202: in field 'unmarshalKvp'
C:\Program Files (x86)\Nmap/nselib/tns.lua:498: in method 'parseResponse'
C:\Program Files (x86)\Nmap/nselib/tns.lua:1427: in method 'exchTNSPacket'
C:\Program Files (x86)\Nmap/nselib/tns.lua:1726: in method 'Login'
C:\Program Files (x86)\Nmap/scripts\oracle-brute.nse:140: in method 'login'
C:\Program Files (x86)\Nmap/nselib/brute.lua:768: in method 'doAuthenticate'
C:\Program Files (x86)\Nmap/nselib/brute.lua:821: in function <C:\Program Files (x86)\Nmap/nselib/brute.lua:797>

nmap_output_oracle.txt

@nnposter nnposter added bug NSE labels May 20, 2020
@nnposter
Copy link

@nnposter nnposter commented May 20, 2020

There is a bug in the code. Unfortunately I have no access to an environment where I can test. Could you please apply the following patch and report back?

https://gist.github.com/nnposter/dcf21b9cdf0e17fe7f88b4763db2e4ba

@kemanik
Copy link
Author

@kemanik kemanik commented May 20, 2020

Now it works!
oracle.txt

@nmap-bot nmap-bot closed this in 3019f0c May 20, 2020
@nnposter
Copy link

@nnposter nnposter commented May 20, 2020

A mildly updated patch has been committed as r37932. Thank you for reporting the issue!

@nnposter nnposter self-assigned this May 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.