Brute forcing Oracle passwords
System administrators managing several databases often need to check for weak passwords as part of the organization's policy. Penetration testers also take advantage of weak passwords to gain unauthorized access. Conveniently, Nmap NSE offers a way of performing remote brute force password auditing against Oracle database servers.
This recipe shows how to perform brute force password auditing against Oracle with Nmap.
How to do it...
Open a terminal and run Nmap with the following command:
$ nmap -sV --script oracle-brute --script-args oracle-brute.sid=TEST <target>
Any valid credentials found will be included in the results in the script output section:
PORT STATE SERVICE REASON 1521/tcp open oracle syn-ack | oracle-brute: | Accounts | system:system => Valid credentials | Statistics |_ Perfomed 103 guesses in 6 seconds, average tps: 17
How it works...
The argument -sV --script oracle-brute --script-args oracle...