Powered by GitBook

Oracle (1521) TCP

Enumeration using following tools

Tnsver [host] [port]

Tnscmd

perl tnscmd.pl -h ip_address

perl tnscmd.pl version -h ip_address

perl tnscmd.pl status -h ip_address

Enumeration & Bruteforce using below nmap scripts:

oracle-brute.nse

oracle-brute-stealth.nse

oracle-enum-users.nse

oracle-sid-brute.nse

oracle-tns-version.nse

Database Penetration Testing

Attacking database servers exposed on the network.

Oracle

Install oscanner:

apt-get install oscanner

Run oscanner:

oscanner -s 192.168.1.200 -P 1521

Fingerprint Oracle TNS Version

Install tnscmd10g:

apt-get install tnscmd10g

Fingerprint oracle tns:

tnscmd10g version -h TARGET
nmap --script=oracle-tns-version

Brute force oracle user accounts

Identify default Oracle accounts:

 nmap --script=oracle-sid-brute 
 nmap --script=oracle-brute

Run nmap scripts against Oracle TNS:

nmap -p 1521 -A TARGET

results matching ""

No results matching ""