Brute forcing Oracle SID names

Oracle servers have SID names, and penetration testers need to find them. Thanks to Nmap, we can attempt to list them by performing a dictionary attack against the TNS listener.

This recipe shows how to brute force Oracle SID names by using Nmap.

How to do it...

To brute force Oracle SID names, use the following Nmap command:

$ nmap -sV --script oracle-sid-brute <target>

All of the SIDs found will be included in the NSE script output section for oracle-sid-brute:

PORT     STATE SERVICE REASON
1521/tcp open  oracle  syn-ack
| oracle-sid-brute:  
|   orcl
|   prod
|_  devel

How it works...

The arguments -sV --script oracle-sid-brute tell Nmap to initiate service detection (-sV) and use the NSE script oracle-sid-brute.

The NSE script ...
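
On the defender's side, a dictionary attack against the TNS listener shows up as one client being refused many different SIDs in a short time. The following is an added example, not part of the original recipe: it assumes listener.log connect entries in the layout "timestamp * connect data * protocol info * event * SID * return code", where return code 12505 means the listener does not know the SID. The log lines are constructed, and the function names and threshold are hypothetical.

```python
import re
from collections import defaultdict

TNS_UNKNOWN_SID = "12505"  # TNS-12505: listener does not know the SID given

# Constructed sample entries (assumed layout, not taken from a real server).
SAMPLE_LOG = """\
12-JAN-2024 10:15:01 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=app)(HOST=web01)(USER=svc))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.20)(PORT=40112)) * establish * orcl * 0
12-JAN-2024 10:15:30 * (CONNECT_DATA=(SID=orcll)(CID=(PROGRAM=sqlplus)(HOST=dev07)(USER=amy))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.21)(PORT=40990)) * establish * orcll * 12505
12-JAN-2024 10:16:02 * (CONNECT_DATA=(SID=admin)(CID=(PROGRAM=)(HOST=x)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.99)(PORT=51234)) * establish * admin * 12505
12-JAN-2024 10:16:02 * (CONNECT_DATA=(SID=test)(CID=(PROGRAM=)(HOST=x)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.99)(PORT=51235)) * establish * test * 12505
12-JAN-2024 10:16:03 * (CONNECT_DATA=(SID=prod)(CID=(PROGRAM=)(HOST=x)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.99)(PORT=51236)) * establish * prod * 0
12-JAN-2024 10:16:03 * (CONNECT_DATA=(SID=xe)(CID=(PROGRAM=)(HOST=x)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.99)(PORT=51237)) * establish * xe * 12505
12-JAN-2024 10:17:00 * service_update * orcl * 0
"""


def parse_entry(line):
    """Return (source_ip, requested_sid, return_code) or None for other lines."""
    parts = [p.strip() for p in line.split(" * ")]
    if len(parts) != 6 or parts[3] != "establish":
        return None
    # The client address is in the protocol-info field; the HOST inside
    # CONNECT_DATA is client-supplied and must not be trusted as the source.
    src = re.search(r"\(HOST=([^)]+)\)", parts[2])
    sid = re.search(r"\(SID=([^)]*)\)", parts[1])
    if not src or not sid:
        return None
    return src.group(1), sid.group(1), parts[5]


def find_sid_guessing(log_text, min_distinct=3):
    """Map each source to the distinct unknown SIDs it asked for, if the
    count reaches min_distinct (tune this against real traffic)."""
    rejected = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry[2] == TNS_UNKNOWN_SID:
            rejected[entry[0]].add(entry[1])
    return {src: sorted(sids) for src, sids in rejected.items()
            if len(sids) >= min_distinct}


if __name__ == "__main__":
    for src, sids in find_sid_guessing(SAMPLE_LOG).items():
        print(f"{src}: {len(sids)} unknown SIDs requested: {', '.join(sids)}")
```

Counting distinct rejected SIDs per source, rather than total failures, keeps a single mistyped SID (10.0.0.21 in the sample) from raising an alert.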

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.