From 692a9cd8bec72a301d1f193e17f7a4673545c0b4 Mon Sep 17 00:00:00 2001
From: patrik
Date: Thu, 15 Mar 2012 19:47:24 +0000
Subject: [PATCH] =?UTF-8?q?Added=20support=20for=20detecting=20SYSDBA,=20p?= =?UTF-8?q?atch=20supplied=20by=20L=C3=A1szl=C3=B3=20T=C3=B3th.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 scripts/oracle-brute.nse | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse
index 8d6522103..c308c8ec1 100644
--- a/scripts/oracle-brute.nse
+++ b/scripts/oracle-brute.nse
@@ -43,7 +43,9 @@ result in a large number of accounts being locked out on the database server.
 -- Revised 07/23/2010 - v0.2 - added script usage and output and
 -- - oracle-brute.sid argument
 -- Revised 07/25/2011 - v0.3 - added support for guessing default accounts
--- changed code to use ConnectionPool
+-- changed code to use ConnectionPool
+-- Revised 03/13/2012 - v0.4 - revised by László Tóth
+-- added support for SYSDBA accounts
 --
 -- Summary
@@ -65,6 +67,7 @@ require 'creds'
 portrule = shortport.port_or_service(1521, "oracle-tns", "tcp", "open")
 local ConnectionPool = {}
+local sysdba = {}
 Driver =
 {
@@ -127,6 +130,10 @@ Driver =
 login = function( self, username, password )
 local status, data = self.helper:Login( username, password )
+ if ( sysdba[username] ) then
+ return false, brute.Error:new("Account already discovered")
+ end
+
 if ( status ) then
 self.helper:Close()
 ConnectionPool[coroutine.running()] = nil
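Review bot: `local sysdba = {}` is added at file scope with no comment, so nothing at the declaration says what its keys are or which code writes and reads it. A one-line comment above it, such as `-- usernames that answered ORA-28009 (SYSDBA-only account); login() skips them`, would make its role clear next to `ConnectionPool`.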
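Review bot: The `sysdba[username]` guard in `login` is placed after `self.helper:Login( username, password )`, so an account already flagged as SYSDBA still has each remaining password sent to the server before the early return fires. That makes the guard ineffective at saving attempts and keeps generating failed logins for an account whose result is already known. Putting the check first, `if ( sysdba[username] ) then return false, brute.Error:new("Account already discovered") end` ahead of the `Login` call, avoids the redundant authentication traffic. The body of `login` continues past the end of this hunk, so whether the early return also needs the `self.helper:Close()` cleanup seen in the success branch cannot be judged from here.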
@@ -134,6 +141,10 @@ Driver =
 -- Check for account locked message
 elseif ( data:match("ORA[-]28000") ) then
 return true, brute.Account:new(username, password, creds.State.LOCKED)
+ -- Check for account is SYSDBA message
+ elseif ( data:match("ORA[-]28009") ) then
+ sysdba[username] = true
+ return true, brute.Account:new(username .. " as sysdba", password, creds.State.VALID)
 -- check for any other message
 elseif ( data:match("ORA[-]%d+")) then
 stdnse.print_debug(3, "username: %s, password: %s, error: %s", username, password, data )
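Review bot: The ORA-28009 branch records the account as `username .. " as sysdba"`, so the credential stored with `creds.State.VALID` carries a username string that does not exist on the server. Anything that later reads stored credentials by username would receive the suffixed value; keeping the real name and conveying the SYSDBA requirement separately would be cleaner, if `brute.Account` or `creds` offers a way to do that (not visible in this hunk). The key in `sysdba[username] = true` is also case-sensitive while Oracle account names usually are not, so `sysdba[username:upper()] = true` with the matching lookup in `login` would treat `sys` and `SYS` from one wordlist as the same account. The added comment could also state that ORA-28009 is being taken as evidence of a correct password, since the branch reports success without a completed session. The enclosing `login` function starts and ends outside this hunk.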