Brute forcing Oracle passwords

System administrators managing several databases often need to check for weak passwords as part of the organization's policy. Penetration testers also take advantage of weak passwords to gain unauthorized access. Conveniently, Nmap NSE offers a way of performing remote brute force password auditing against Oracle database servers.

This recipe shows how to perform brute force password auditing against Oracle by using Nmap.

How to do it...

Open a terminal and run Nmap with the following arguments:

$ nmap -sV --script oracle-brute --script-args oracle-brute.sid=TEST <target>

Any valid credentials found will be included in the results in the script output section:

PORT     STATE  SERVICE REASON
1521/tcp open  oracle  syn-ack
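
For the password-policy audit described above, an added example (not from the book or the Nmap project): a Python parser that extracts oracle-brute findings from saved Nmap normal output and reports them without keeping the passwords. The sample output, host name and account names are constructed, and the `user:password => status` line layout is an assumption about how the script prints its results.

```python
import re

# Constructed sample of saved Nmap normal output; host and accounts are invented.
# Assumption: oracle-brute prints one "user:password => status" line per finding.
SAMPLE_OUTPUT = """\
Nmap scan report for db01.example.internal (192.0.2.10)
PORT     STATE SERVICE REASON
1521/tcp open  oracle  syn-ack
| oracle-brute:
|   Accounts
|     system:oracle => Account locked
|     appuser:appuser => Valid credentials
|   Statistics
|_    Performed 157 guesses in 8 seconds, average tps: 19
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
SCRIPT_RE = re.compile(r"^\|[ _]([\w-]+):")          # "| script-name:" header
FINDING_RE = re.compile(r"^\|[ _]?\s+([^:\s]+):(.*) => (.+)$")

def parse_oracle_brute(text):
    """Return one dict per oracle-brute finding, without the password."""
    findings, host, port, in_script = [], None, None, False
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host, port, in_script = m.group(1), None, False
        elif m := PORT_RE.match(line):
            port, in_script = int(m.group(1)), False
        elif m := SCRIPT_RE.match(line):
            in_script = m.group(1) == "oracle-brute"
        elif in_script and (m := FINDING_RE.match(line)):
            user, password, status = m.groups()
            findings.append({
                "host": host, "port": port, "user": user,
                "status": status.strip(),
                # Record the policy-relevant fact only; the password is dropped.
                "password_equals_username": password.lower() == user.lower(),
            })
        elif not line.startswith("|"):
            in_script = False                          # script output ended
    return findings

if __name__ == "__main__":
    for f in parse_oracle_brute(SAMPLE_OUTPUT):
        print(f"{f['host']}:{f['port']} {f['user']}: {f['status']}"
              f" (password equals username: {f['password_equals_username']})")
```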
