o [NSE] Added new default credential list for Oracle and modified the

oracle-brute script to make use of it. [Patrik]

CHANGELOG

@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE] Added new default credential list for Oracle and modified the
+  oracle-brute script to make use of it. [Patrik]
+
 o [NSE] Added xmpp-info.nse as a replacement for xmpp.nse. This updated version
   brings new features and fixes. [Vasiliy Kulikov]
 
@@ -30,7 +33,8 @@ o [NSE] Added functions to packet.lua to make it easier to build IPv6
   packets. [Weilin]
 
 o [NSE] Added new script http-vuln-cve2011-3192 which checks whether an instance
-  of Apache is vulnerable to a DoS attack exploiting the byterange filter. [Duarte Silva].
+  of Apache is vulnerable to a DoS attack exploiting the byterange filter.
+  [Duarte Silva].
 
 o [NSE] Fixed authentication problems in the TNS library that would prevent
   authentication from working against Oracle 11.2.0.2.0 XE [Chris Woodbury]

nselib/data/oracle-default-accounts.lst

@@ -0,0 +1,687 @@
+#!comment: This password file was created from the hashes in dfltpass.sql a
+#!comment: script created by Oracle to scan databases for default credentials.
+AASH/AASH
+ABA1/ABA1
+ABM/ABM
+AD_MONITOR/LIZARD
+ADAMS/WOOD
+ADS/ADS
+ADSEUL_US/WELCOME
+AHL/AHL
+AHM/AHM
+AK/AK
+AL/AL
+ALA1/ALA1
+ALLUSERS/ALLUSERS
+ALR/ALR
+AMA1/AMA1
+AMA2/AMA2
+AMA3/AMA3
+AMA4/AMA4
+AMF/AMF
+AMS/AMS
+AMS1/AMS1
+AMS2/AMS2
+AMS3/AMS3
+AMS4/AMS4
+AMSYS/AMSYS
+AMV/AMV
+AMW/AMW
+ANNE/ANNE
+AOLDEMO/AOLDEMO
+AP/AP
+APA1/APA1
+APA2/APA2
+APA3/APA3
+APA4/APA4
+APPLEAD/APPLEAD
+APPLSYS/FND
+APPLSYS/APPS
+APPLSYSPUB/PUB
+APPS/APPS
+APS1/APS1
+APS2/APS2
+APS3/APS3
+APS4/APS4
+AQDEMO/AQDEMO
+AQJAVA/AQJAVA
+AQUSER/AQUSER
+AR/AR
+ARA1/ARA1
+ARA2/ARA2
+ARA3/ARA3
+ARA4/ARA4
+ARS1/ARS1
+ARS2/ARS2
+ARS3/ARS3
+ARS4/ARS4
+ART/ART
+ASF/ASF
+ASG/ASG
+ASL/ASL
+ASN/ASN
+ASO/ASO
+ASP/ASP
+AST/AST
+AUC_GUEST/AUC_GUEST
+AUTHORIA/AUTHORIA
+AX/AX
+AZ/AZ
+B2B/B2B
+BAM/BAM
+BCA1/BCA1
+BCA2/BCA2
+BEN/BEN
+BIC/BIC
+BIL/BIL
+BIM/BIM
+BIS/BIS
+BIV/BIV
+BIX/BIX
+BLAKE/PAPER
+BMEADOWS/BMEADOWS
+BNE/BNE
+BOM/BOM
+BP01/BP01
+BP02/BP02
+BP03/BP03
+BP04/BP04
+BP05/BP05
+BP06/BP06
+BSC/BSC
+BUYACCT/BUYACCT
+BUYAPPR1/BUYAPPR1
+BUYAPPR2/BUYAPPR2
+BUYAPPR3/BUYAPPR3
+BUYER/BUYER
+BUYMTCH/BUYMTCH
+CAMRON/CAMRON
+CANDICE/CANDICE
+CARL/CARL
+CARLY/CARLY
+CARMEN/CARMEN
+CARRIECONYERS/CARRIECONYERS
+CATADMIN/CATADMIN
+CE/CE
+CEASAR/CEASAR
+CENTRA/CENTRA
+CFD/CFD
+CHANDRA/CHANDRA
+CHARLEY/CHARLEY
+CHRISBAKER/CHRISBAKER
+CHRISTIE/CHRISTIE
+CINDY/CINDY
+CLARK/CLARK
+CLARK/CLOTH
+CLAUDE/CLAUDE
+CLINT/CLINT
+CLN/CLN
+CN/CN
+CNCADMIN/CNCADMIN
+CONNIE/CONNIE
+CONNOR/CONNOR
+CORY/CORY
+CRM1/CRM1
+CRM2/CRM2
+CRP/CRP
+CRPB733/CRPB733
+CRPCTL/CRPCTL
+CRPDTA/CRPDTA
+CS/CS
+CSADMIN/CSADMIN
+CSAPPR1/CSAPPR1
+CSC/CSC
+CSD/CSD
+CSDUMMY/CSDUMMY
+CSE/CSE
+CSF/CSF
+CSI/CSI
+CSL/CSL
+CSM/CSM
+CSMIG/CSMIG
+CSP/CSP
+CSR/CSR
+CSS/CSS
+CTXDEMO/CTXDEMO
+CTXSYS/CTXSYS
+CTXSYS/CHANGE_ON_INSTALL
+CTXTEST/CTXTEST
+CUA/CUA
+CUE/CUE
+CUF/CUF
+CUG/CUG
+CUI/CUI
+CUN/CUN
+CUP/CUP
+CUS/CUS
+CZ/CZ
+DAVIDMORGAN/DAVIDMORGAN
+DBSNMP/DBSNMP
+DCM/DCM
+DD7333/DD7333
+DD7334/DD7334
+DD810/DD810
+DD811/DD811
+DD812/DD812
+DD9/DD9
+DDB733/DDB733
+DDD/DDD
+DEMO8/DEMO8
+DES/DES
+DES2K/DES2K
+DEV2000_DEMOS/DEV2000_DEMOS
+DEVB733/DEVB733
+DEVUSER/DEVUSER
+DGRAY/WELCOME
+DIP/DIP
+DISCOVERER5/DISCOVERER5
+DKING/DKING
+DLD/DLD
+DMADMIN/MANAGER
+DMATS/DMATS
+DMS/DMS
+DMSYS/DMSYS
+DOM/DOM
+DPOND/DPOND
+DSGATEWAY/DSGATEWAY
+DV7333/DV7333
+DV7334/DV7334
+DV810/DV810
+DV811/DV811
+DV812/DV812
+DV9/DV9
+DVP1/DVP1
+EAA/EAA
+EAM/EAM
+EC/EC
+ECX/ECX
+EDR/EDR
+EDWEUL_US/EDWEUL_US
+EDWREP/EDWREP
+EGC1/EGC1
+EGD1/EGD1
+EGM1/EGM1
+EGO/EGO
+EGR1/EGR1
+END1/END1
+ENG/ENG
+ENI/ENI
+ENM1/ENM1
+ENS1/ENS1
+ENTMGR_CUST/ENTMGR_CUST
+ENTMGR_PRO/ENTMGR_PRO
+ENTMGR_TRAIN/ENTMGR_TRAIN
+EOPP_PORTALADM/EOPP_PORTALADM
+EOPP_PORTALMGR/EOPP_PORTALMGR
+EOPP_USER/EOPP_USER
+EUL_US/EUL_US
+EVM/EVM
+EXA1/EXA1
+EXA2/EXA2
+EXA3/EXA3
+EXA4/EXA4
+EXFSYS/EXFSYS
+EXS1/EXS1
+EXS2/EXS2
+EXS3/EXS3
+EXS4/EXS4
+FA/FA
+FEM/FEM
+FIA1/FIA1
+FII/FII
+FLM/FLM
+FNI1/FNI1
+FNI2/FNI2
+FPA/FPA
+FPT/FPT
+FRM/FRM
+FTA1/FTA1
+FTE/FTE
+FUN/FUN
+FV/FV
+FVP1/FVP1
+GALLEN/GALLEN
+GCA1/GCA1
+GCA2/GCA2
+GCA3/GCA3
+GCA9/GCA9
+GCMGR1/GCMGR1
+GCMGR2/GCMGR2
+GCMGR3/GCMGR3
+GCS/GCS
+GCS1/GCS1
+GCS2/GCS2
+GCS3/GCS3
+GEORGIAWINE/GEORGIAWINE
+GL/GL
+GLA1/GLA1
+GLA2/GLA2
+GLA3/GLA3
+GLA4/GLA4
+GLS1/GLS1
+GLS2/GLS2
+GLS3/GLS3
+GLS4/GLS4
+GM_AWDA/GM_AWDA
+GM_COPI/GM_COPI
+GM_DPHD/GM_DPHD
+GM_MLCT/GM_MLCT
+GM_PLADMA/GM_PLADMA
+GM_PLADMH/GM_PLADMH
+GM_PLCCA/GM_PLCCA
+GM_PLCCH/GM_PLCCH
+GM_PLCOMA/GM_PLCOMA
+GM_PLCOMH/GM_PLCOMH
+GM_PLCONA/GM_PLCONA
+GM_PLCONH/GM_PLCONH
+GM_PLNSCA/GM_PLNSCA
+GM_PLNSCH/GM_PLNSCH
+GM_PLSCTA/GM_PLSCTA
+GM_PLSCTH/GM_PLSCTH
+GM_PLVET/GM_PLVET
+GM_SPO/GM_SPO
+GM_STKH/GM_STKH
+GMA/GMA
+GMD/GMD
+GME/GME
+GMF/GMF
+GMI/GMI
+GML/GML
+GMP/GMP
+GMS/GMS
+GR/GR
+GUEST/GUEST
+HCC/HCC
+HHCFO/HHCFO
+HR/HR
+HRI/HRI
+HXC/HXC
+HXT/HXT
+IA/IA
+IBA/IBA
+IBC/IBC
+IBE/IBE
+IBP/IBP
+IBU/IBU
+IBY/IBY
+ICX/ICX
+IEB/IEB
+IEC/IEC
+IEM/IEM
+IEO/IEO
+IES/IES
+IEU/IEU
+IEX/IEX
+IGC/IGC
+IGF/IGF
+IGI/IGI
+IGS/IGS
+IGW/IGW
+IMC/IMC
+IMT/IMT
+INS1/INS1
+INS2/INS2
+INV/INV
+IP/IP
+IPA/IPA
+IPD/IPD
+ISC/ISC
+ISTEWARD/ISTEWARD
+ITG/ITG
+JA/JA
+JD7333/JD7333
+JD7334/JD7334
+JD9/JD9
+JDE/JDE
+JDEDBA/JDEDBA
+JE/JE
+JG/JG
+JL/JL
+JOHNINARI/JOHNINARI
+JONES/STEEL
+JTF/JTF
+JTI/JTI
+JTM/JTM
+JTR/JTR
+JTS/JTS
+JUNK_PS/JUNK_PS
+JUSTOSHUM/JUSTOSHUM
+KELLYJONES/KELLYJONES
+KEVINDONS/KEVINDONS
+KPN/KPN
+LADAMS/LADAMS
+LBA/LBA
+LBACSYS/LBACSYS
+LDQUAL/LDQUAL
+LHILL/LHILL
+LNS/LNS
+LQUINCY/LQUINCY
+LSA/LSA
+MDDATA/MDDATA
+MDSYS/MDSYS
+MDSYS/SYS
+ME/ME
+MFG/MFG
+MGR1/MGR1
+MGR2/MGR2
+MGR3/MGR3
+MGR4/MGR4
+MIKEIKEGAMI/MIKEIKEGAMI
+MJONES/MJONES
+MLAKE/MLAKE
+MM1/MM1
+MM2/MM2
+MM3/MM3
+MM4/MM4
+MM5/MM5
+MMARTIN/MMARTIN
+MOBILEADMIN/WELCOME
+MRP/MRP
+MSC/MSC
+MSD/MSD
+MSO/MSO
+MSR/MSR
+MST/MST
+MWA/MWA
+NEILKATSU/NEILKATSU
+OBJ7333/OBJ7333
+OBJ7334/OBJ7334
+OBJB733/OBJB733
+OCA/OCA
+ODM/ODM
+ODM_MTR/MTRPW
+ODS/ODS
+ODSCOMMON/ODSCOMMON
+OE/OE
+OKB/OKB
+OKC/OKC
+OKE/OKE
+OKI/OKI
+OKL/OKL
+OKO/OKO
+OKR/OKR
+OKS/OKS
+OKX/OKX
+OL810/OL810
+OL811/OL811
+OL812/OL812
+OL9/OL9
+OLAPSYS/MANAGER
+ONT/ONT
+OPI/OPI
+ORABAM/ORABAM
+ORABAMSAMPLES/ORABAMSAMPLES
+ORABPEL/ORABPEL
+ORAESB/ORAESB
+ORAOCA_PUBLIC/ORAOCA_PUBLIC
+ORASAGENT/ORASAGENT
+ORASSO/ORASSO
+ORASSO_DS/ORASSO_DS
+ORASSO_PA/ORASSO_PA
+ORASSO_PS/ORASSO_PS
+ORASSO_PUBLIC/ORASSO_PUBLIC
+ORDPLUGINS/ORDPLUGINS
+ORDSYS/ORDSYS
+OSM/OSM
+OTA/OTA
+OUTLN/OUTLN
+OWAPUB/OWAPUB
+OWF_MGR/OWF_MGR
+OZF/OZF
+OZP/OZP
+OZS/OZS
+PA/PA
+PABLO/PABLO
+PAIGE/PAIGE
+PAM/PAM
+PARRISH/PARRISH
+PARSON/PARSON
+PAT/PAT
+PATORILY/PATORILY
+PATRICKSANCHEZ/PATRICKSANCHEZ
+PATSY/PATSY
+PAUL/PAUL
+PAULA/PAULA
+PAXTON/PAXTON
+PCA1/PCA1
+PCA2/PCA2
+PCA3/PCA3
+PCA4/PCA4
+PCS1/PCS1
+PCS2/PCS2
+PCS3/PCS3
+PCS4/PCS4
+PD7333/PD7333
+PD7334/PD7334
+PD810/PD810
+PD811/PD811
+PD812/PD812
+PD9/PD9
+PDA1/PDA1
+PEARL/PEARL
+PEG/PEG
+PENNY/PENNY
+PEOPLE/PEOP1E
+PERCY/PERCY
+PERRY/PERRY
+PETE/PETE
+PEYTON/PEYTON
+PHIL/PHIL
+PJI/PJI
+PJM/PJM
+PMI/PMI
+PN/PN
+PO/PO
+POA/POA
+POLLY/POLLY
+POM/POM
+PON/PON
+PORTAL/PORTAL
+PORTAL_APP/PORTAL_APP
+PORTAL_DEMO/PORTAL_DEMO
+PORTAL_PUBLIC/PORTAL_PUBLIC
+PORTAL30/PORTAL30
+PORTAL30_DEMO/PORTAL30_DEMO
+PORTAL30_PUBLIC/PORTAL30_PUBLIC
+PORTAL30_SSO/PORTAL30_SSO
+PORTAL30_SSO_PS/PORTAL30_SSO_PS
+POS/POS
+PPM1/PPM1
+PPM2/PPM2
+PPM3/PPM3
+PPM4/PPM4
+PPM5/PPM5
+PRISTB733/PRISTB733
+PRISTCTL/PRISTCTL
+PRISTDTA/PRISTDTA
+PRODB733/PRODB733
+PRODCTL/PRODCTL
+PRODDTA/PRODDTA
+PRODUSER/PRODUSER
+PROJMFG/WELCOME
+PRP/PRP
+PS/PS
+PS810/PS810
+PS810CTL/PS810CTL
+PS810DTA/PS810DTA
+PS811/PS811
+PS811CTL/PS811CTL
+PS811DTA/PS811DTA
+PS812/PS812
+PS812CTL/PS812CTL
+PS812DTA/PS812DTA
+PSA/PSA
+PSB/PSB
+PSBASS/PSBASS
+PSEM/PSEM
+PSFT/PSFT
+PSFTDBA/PSFTDBA
+PSP/PSP
+PTADMIN/PTADMIN
+PTCNE/PTCNE
+PTDMO/PTDMO
+PTE/PTE
+PTESP/PTESP
+PTFRA/PTFRA
+PTG/PTG
+PTGER/PTGER
+PTJPN/PTJPN
+PTUKE/PTUKE
+PTUPG/PTUPG
+PTWEB/PTWEB
+PTWEBSERVER/PTWEBSERVER
+PV/PV
+PY7333/PY7333
+PY7334/PY7334
+PY810/PY810
+PY811/PY811
+PY812/PY812
+PY9/PY9
+QA/QA
+QOT/QOT
+QP/QP
+QRM/QRM
+QS/QS
+QS_ADM/QS_ADM
+QS_CB/QS_CB
+QS_CBADM/QS_CBADM
+QS_CS/QS_CS
+QS_ES/QS_ES
+QS_OS/QS_OS
+QS_WS/QS_WS
+RENE/RENE
+REPADMIN/REPADMIN
+REPORTS/REPORTS
+REPORTS_USER/OEM_TEMP
+RESTRICTED_US/RESTRICTED_US
+RG/RG
+RHX/RHX
+RLA/RLA
+RLM/RLM
+RM1/RM1
+RM2/RM2
+RM3/RM3
+RM4/RM4
+RM5/RM5
+RMAN/RMAN
+ROB/ROB
+RPARKER/RPARKER
+RWA1/RWA1
+SALLYH/SALLYH
+SAM/SAM
+SARAHMANDY/SARAHMANDY
+SCM1/SCM1
+SCM2/SCM2
+SCM3/SCM3
+SCM4/SCM4
+SCOTT/TIGER
+SDAVIS/SDAVIS
+SECDEMO/SECDEMO
+SEDWARDS/SEDWARDS
+SELLCM/SELLCM
+SELLER/SELLER
+SELLTREAS/SELLTREAS
+SERVICES/WELCOME
+SETUP/SETUP
+SH/SH
+SID/SID
+SKAYE/SKAYE
+SKYTETSUKA/SKYTETSUKA
+SLSAA/SLSAA
+SLSMGR/SLSMGR
+SLSREP/SLSREP
+SRABBITT/SRABBITT
+SRALPHS/SRALPHS
+SRAY/SRAY
+SRIVERS/SRIVERS
+SSA1/SSA1
+SSA2/SSA2
+SSA3/SSA3
+SSC1/SSC1
+SSC2/SSC2
+SSC3/SSC3
+SSOSDK/SSOSDK
+SSP/SSP
+SSS1/SSS1
+SUPPLIER/SUPPLIER
+SVM7333/SVM7333
+SVM7334/SVM7334
+SVM810/SVM810
+SVM811/SVM811
+SVM812/SVM812
+SVM9/SVM9
+SVMB733/SVMB733
+SVP1/SVP1
+SY810/SY810
+SY811/SY811
+SY812/SY812
+SY9/SY9
+SYS/WELCOME1
+SYS/MANAGER
+SYS/CHANGE_ON_INSTALL
+SYS7333/SYS7333
+SYS7334/SYS7334
+SYSADMIN/SYSADMIN
+SYSB733/SYSB733
+SYSMAN/WELCOME1
+SYSTEM/WELCOME1
+SYSTEM/MANAGER
+TDEMARCO/TDEMARCO
+TDOS_ICSAP/TDOS_ICSAP
+TESTCTL/TESTCTL
+TESTDTA/TESTDTA
+TRA1/TRA1
+TRACESVR/TRACE
+TRBM1/TRBM1
+TRCM1/TRCM1
+TRDM1/TRDM1
+TRRM1/TRRM1
+TWILLIAMS/TWILLIAMS
+UDDISYS/UDDISYS
+VEA/VEA
+VEH/VEH
+VIDEO31/VIDEO31
+VIDEO4/VIDEO4
+VIDEO5/VIDEO5
+VP1/VP1
+VP2/VP2
+VP3/VP3
+VP4/VP4
+VP5/VP5
+VP6/VP6
+WAA1/WAA1
+WAA2/WAA2
+WCRSYS/WCRSYS
+WEBDB/WEBDB
+WEBSYS/WELCOME
+WENDYCHO/WENDYCHO
+WH/WH
+WIP/WIP
+WIRELESS/WELCOME
+WIRELESS/WIRELESS
+WK_TEST/WK_TEST
+WKPROXY/WKPROXY
+WKSYS/WKSYS
+WMS/WMS
+WMSYS/WMSYS
+WPS/WPS
+WSH/WSH
+WSM/WSM
+XDB/CHANGE_ON_INSTALL
+XDO/XDO
+XDP/XDP
+XLA/XLA
+XLE/XLE
+XNB/XNB
+XNC/XNC
+XNI/XNI
+XNM/XNM
+XNP/XNP
+XNS/XNS
+XTR/XTR
+YCAMPOS/YCAMPOS
+YSANCHEZ/YSANCHEZ
+ZFA/ZFA
+ZPB/ZPB
+ZSA/ZSA
+ZX/ZX

scripts/oracle-brute.nse

@@ -1,5 +1,20 @@
 description = [[
 Performs brute force password auditing against Oracle servers.
+Running it in default mode it performs an audit against a list of common
+Oracle usernames and passwords. The mode can be changed by supplying the
+argument oracle-brute.nodefault at which point the script will use the
+username- and password- lists supplied with Nmap. Custom username- and
+password- lists may be supplied using the userdb and passdb arguments.
+The default credential list can be changed too by using the brute.credfile
+argument. In case the userdb or passdb arguments are supplied, the script
+assumes that it should run in the nodefault mode.
+
+In modern versions of Oracle password guessing speeds decrease after a few
+guesses and remain slow, due to connection throttling.
+
+WARNING: The script makes no attempt to discover the amount of guesses
+that can be made before locking an account. Running this script may therefor
+result in a large number of accounts being locked out on the database server.
 ]]
 
 ---
@@ -21,15 +36,18 @@ Performs brute force password auditing against Oracle servers.
 --   x The Driver class contains the driver implementation used by the brute
 --     library
 --
--- @args oracle-brute.sid the instance against which to perform password
+-- @args oracle-brute.sid - the instance against which to perform password
---       guessing
+--                          guessing
---
+-- @args oracle-brute.nodefault - do not attempt to guess any Oracle default
+--                                accounts
 
 --
--- Version 0.2
+-- Version 0.3
 -- Created 07/12/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
 -- Revised 07/23/2010 - v0.2 - added script usage and output and 
 -- 							 - oracle-brute.sid argument
+-- Revised 07/25/2011 - v0.3 - added support for guessing default accounts
+--								changed code to use ConnectionPool
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
@@ -44,34 +62,37 @@ require 'creds'
 
 portrule = shortport.port_or_service(1521, "oracle-tns", "tcp", "open")
 
+local ConnectionPool = {}
+
 Driver = 
 {
 
-	new = function(self, host, port)
+	new = function(self, host, port, sid )
-		local o = {}
+		local o = { host = host, port = port, sid = sid }
        	setmetatable(o, self)
         self.__index = self
-		o.host = host
-		o.port = port
 		return o
 	end,
 	
 	--- Connects performs protocol negotiation
 	--
 	-- @return true on success, false on failure
-	connect = function( self )
+	connect = function( self )		
-		local status, data
-		self.helper = tns.Helper:new( self.host, self.port, nmap.registry.args['oracle-brute.sid'] )
-		
 		local MAX_RETRIES = 10
 		local tries = MAX_RETRIES
 		
+		self.helper = ConnectionPool[coroutine.running()]
+		if ( self.helper ) then return true end
+		
+		self.helper = tns.Helper:new( self.host, self.port, self.sid )
+		
 		-- This loop is intended for handling failed connections
 		-- A connection may fail for a number of different reasons.
 		-- For the moment, we're just handling the error code 12520
 		--
 		-- Error 12520 has been observed on Oracle XE and seems to
 		-- occur when a maximum connection count is reached.
+		local status, data
 		repeat
 			if ( tries < MAX_RETRIES ) then
 				stdnse.print_debug(2, "%s: Attempting to re-connect (attempt %d of %d)", SCRIPT_NAME, MAX_RETRIES - tries, MAX_RETRIES)
@@ -85,7 +106,11 @@ Driver =
 			end
 			tries = tries - 1
 			stdnse.sleep(1)
-		until( tries == 0 or data ~= "12520")
+		until( tries == 0 or data ~= "12520" )
+		
+		if ( status ) then
+			ConnectionPool[coroutine.running()] = self.helper
+		end
 		
 		return status, data
 	end,
@@ -101,6 +126,8 @@ Driver =
 		local status, data = self.helper:Login( username, password )
 		
 		if ( status ) then
+			self.helper:Close()
+			ConnectionPool[coroutine.running()] = nil
 			return true, brute.Account:new(username, password, creds.State.VALID)
 		-- Check for account locked message
 		elseif ( data:match("ORA[-]28000") ) then
@@ -111,6 +138,8 @@ Driver =
 			return false, brute.Error:new(data)
 		-- any other errors are likely communication related, attempt to re-try
 		else
+			self.helper:Close()
+			ConnectionPool[coroutine.running()] = nil
 			local err = brute.Error:new(data)
 			err:setRetry(true)
 			return false, err
@@ -122,39 +151,55 @@ Driver =
 	
 	--- Disconnects and terminates the Oracle TNS communication
 	disconnect = function( self )
-		self.helper:Close()
+		return true
 	end,
-	
+		
-	--- Perform a connection with the helper, this makes sure that the Oracle
-	-- instance is correct.
-	--
-	-- @return status true on success false on failure
-	-- @return err containing the error message on failure
-	check = function( self )
-		local helper = tns.Helper:new( self.host, self.port, nmap.registry.args['oracle-brute.sid'] )
-		local status, err = helper:Connect()
-
-		if( status ) then
-			helper:Close()
-			return true
-		end
-
-		return false, err
-	end,
-	
 }
 
 
 action = function(host, port)
-	local status, result 
+	local DEFAULT_ACCOUNTS = "nselib/data/oracle-default-accounts.lst"
-	local engine = brute.Engine:new(Driver, host, port )
+	local sid = stdnse.get_script_args('oracle-brute.sid') or
-	engine.options.script_name = SCRIPT_NAME
+				stdnse.get_script_args('tns.sid')
+	local engine = brute.Engine:new(Driver, host, port, sid)
+	local mode = "default"
 	
-	if ( not( nmap.registry.args['oracle-brute.sid'] ) and not( nmap.registry.args['tns.sid'] ) ) then
+	if ( not(sid) ) then
-		return "ERROR: Oracle instance not set (see oracle-brute.sid or tns.sid)"
+		return "\n  ERROR: Oracle instance not set (see oracle-brute.sid or tns.sid)"
+	end
+
+	local helper = tns.Helper:new( host, port, sid )
+	local status, result = helper:Connect()
+	if ( not(status) ) then
+		return "\n  ERROR: Failed to connect to oracle server"
+	end
+	helper:Close()
+
+	local f
+
+	if ( stdnse.get_script_args('userdb') or
+		 stdnse.get_script_args('passdb') or
+		 stdnse.get_script_args('oracle-brute.nodefault') or
+		 stdnse.get_script_args('brute.credfile') ) then
+		mode = nil
+	end
+
+	if ( mode == "default" ) then
+		f = nmap.fetchfile(DEFAULT_ACCOUNTS)
+		if ( not(f) ) then
+			return ("\n  ERROR: Failed to find %s"):format(DEFAULT_ACCOUNTS)
+		end
+
+		f = io.open(f)
+		if ( not(f) ) then
+			return ("\n  ERROR: Failed to open %s"):format(DEFAULT_ACCOUNTS)
+		end
+
+		engine:addIterator(brute.Iterators.credential_iterator(f))
 	end
 	
+	engine.options.script_name = SCRIPT_NAME
 	status, result = engine:start()
-
+	
 	return result
 end