Oracle Account Discovery
This module uses a list of well known default authentication credentials to discover easily guessed accounts.
Rank
- Normal
Authors
- MC < mc [at] metasploit.com >
Vulnerability References
- http://www.petefinnigan.com/default/oracle_default_passwords.csv
- http://seclists.org/fulldisclosure/2009/Oct/261
Development
Similar Modules
- auxiliary/admin/oracle/ora_ntlm_stealer
- auxiliary/admin/oracle/oracle_sql
- auxiliary/admin/oracle/oraenum
- auxiliary/admin/oracle/osb_execqr
- auxiliary/admin/oracle/osb_execqr2
- auxiliary/admin/oracle/osb_execqr3
- auxiliary/admin/oracle/post_exploitation/win32exec
- auxiliary/admin/oracle/post_exploitation/win32upload
- auxiliary/admin/oracle/sid_brute
- auxiliary/admin/oracle/tnscmd
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/admin/oracle/oracle_login
msf auxiliary(oracle_login) > set RHOST [TARGET IP]
msf auxiliary(oracle_login) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/admin/oracle/oracle_login
msf auxiliary(oracle_login) > set RHOST [TARGET IP]
msf auxiliary(oracle_login) > run
Module Options
| CSVFILE | The file that contains a list of default accounts. (default: /home/svn/jobs/msf3/data/wordlists/oracle_default_passwords.csv) |
| RHOST | The Oracle host. (default: ) |
| RPORT | The TNS port. (default: 1521) |
| SID | The sid to authenticate with. (default: ORCL) |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |