PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-11 10:19:03 +00:00
Code Issues Projects Releases Wiki Activity

o [NSE] Added new default credential list for Oracle and modified the

Browse Source 
oracle-brute script to make use of it. [Patrik]
This commit is contained in:
patrik
2011-09-05 08:13:34 +00:00
parent 4e9265b883
commit ae75aa7fd3
3 changed files with 775 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG
View File

@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*-
o [NSE] Added new default credential list for Oracle and modified the
oracle-brute script to make use of it. [Patrik]
o [NSE] Added xmpp-info.nse as a replacement for xmpp.nse. This updated version
brings new features and fixes. [Vasiliy Kulikov]
@@ -30,7 +33,8 @@ o [NSE] Added functions to packet.lua to make it easier to build IPv6
packets. [Weilin]
o [NSE] Added new script http-vuln-cve2011-3192 which checks whether an instance
of Apache is vulnerable to a DoS attack exploiting the byterange filter. [Duarte Silva].
of Apache is vulnerable to a DoS attack exploiting the byterange filter.
[Duarte Silva].
o [NSE] Fixed authentication problems in the TNS library that would prevent
authentication from working against Oracle 11.2.0.2.0 XE [Chris Woodbury]

687
nselib/data/oracle-default-accounts.lst Normal file
View File

@@ -0,0 +1,687 @@
#!comment: This password file was created from the hashes in dfltpass.sql a
#!comment: script created by Oracle to scan databases for default credentials.
AASH/AASH
ABA1/ABA1
ABM/ABM
AD_MONITOR/LIZARD
ADAMS/WOOD
ADS/ADS
ADSEUL_US/WELCOME
AHL/AHL
AHM/AHM
AK/AK
AL/AL
ALA1/ALA1
ALLUSERS/ALLUSERS
ALR/ALR
AMA1/AMA1
AMA2/AMA2
AMA3/AMA3
AMA4/AMA4
AMF/AMF
AMS/AMS
AMS1/AMS1
AMS2/AMS2
AMS3/AMS3
AMS4/AMS4
AMSYS/AMSYS
AMV/AMV
AMW/AMW
ANNE/ANNE
AOLDEMO/AOLDEMO
AP/AP
APA1/APA1
APA2/APA2
APA3/APA3
APA4/APA4
APPLEAD/APPLEAD
APPLSYS/FND
APPLSYS/APPS
APPLSYSPUB/PUB
APPS/APPS
APS1/APS1
APS2/APS2
APS3/APS3
APS4/APS4
AQDEMO/AQDEMO
AQJAVA/AQJAVA
AQUSER/AQUSER
AR/AR
ARA1/ARA1
ARA2/ARA2
ARA3/ARA3
ARA4/ARA4
ARS1/ARS1
ARS2/ARS2
ARS3/ARS3
ARS4/ARS4
ART/ART
ASF/ASF
ASG/ASG
ASL/ASL
ASN/ASN
ASO/ASO
ASP/ASP
AST/AST
AUC_GUEST/AUC_GUEST
AUTHORIA/AUTHORIA
AX/AX
AZ/AZ
B2B/B2B
BAM/BAM
BCA1/BCA1
BCA2/BCA2
BEN/BEN
BIC/BIC
BIL/BIL
BIM/BIM
BIS/BIS
BIV/BIV
BIX/BIX
BLAKE/PAPER
BMEADOWS/BMEADOWS
BNE/BNE
BOM/BOM
BP01/BP01
BP02/BP02
BP03/BP03
BP04/BP04
BP05/BP05
BP06/BP06
BSC/BSC
BUYACCT/BUYACCT
BUYAPPR1/BUYAPPR1
BUYAPPR2/BUYAPPR2
BUYAPPR3/BUYAPPR3
BUYER/BUYER
BUYMTCH/BUYMTCH
CAMRON/CAMRON
CANDICE/CANDICE
CARL/CARL
CARLY/CARLY
CARMEN/CARMEN
CARRIECONYERS/CARRIECONYERS
CATADMIN/CATADMIN
CE/CE
CEASAR/CEASAR
CENTRA/CENTRA
CFD/CFD
CHANDRA/CHANDRA
CHARLEY/CHARLEY
CHRISBAKER/CHRISBAKER
CHRISTIE/CHRISTIE
CINDY/CINDY
CLARK/CLARK
CLARK/CLOTH
CLAUDE/CLAUDE
CLINT/CLINT
CLN/CLN
CN/CN
CNCADMIN/CNCADMIN
CONNIE/CONNIE
CONNOR/CONNOR
CORY/CORY
CRM1/CRM1
CRM2/CRM2
CRP/CRP
CRPB733/CRPB733
CRPCTL/CRPCTL
CRPDTA/CRPDTA
CS/CS
CSADMIN/CSADMIN
CSAPPR1/CSAPPR1
CSC/CSC
CSD/CSD
CSDUMMY/CSDUMMY
CSE/CSE
CSF/CSF
CSI/CSI
CSL/CSL
CSM/CSM
CSMIG/CSMIG
CSP/CSP
CSR/CSR
CSS/CSS
CTXDEMO/CTXDEMO
CTXSYS/CTXSYS
CTXSYS/CHANGE_ON_INSTALL
CTXTEST/CTXTEST
CUA/CUA
CUE/CUE
CUF/CUF
CUG/CUG
CUI/CUI
CUN/CUN
CUP/CUP
CUS/CUS
CZ/CZ
DAVIDMORGAN/DAVIDMORGAN
DBSNMP/DBSNMP
DCM/DCM
DD7333/DD7333
DD7334/DD7334
DD810/DD810
DD811/DD811
DD812/DD812
DD9/DD9
DDB733/DDB733
DDD/DDD
DEMO8/DEMO8
DES/DES
DES2K/DES2K
DEV2000_DEMOS/DEV2000_DEMOS
DEVB733/DEVB733
DEVUSER/DEVUSER
DGRAY/WELCOME
DIP/DIP
DISCOVERER5/DISCOVERER5
DKING/DKING
DLD/DLD
DMADMIN/MANAGER
DMATS/DMATS
DMS/DMS
DMSYS/DMSYS
DOM/DOM
DPOND/DPOND
DSGATEWAY/DSGATEWAY
DV7333/DV7333
DV7334/DV7334
DV810/DV810
DV811/DV811
DV812/DV812
DV9/DV9
DVP1/DVP1
EAA/EAA
EAM/EAM
EC/EC
ECX/ECX
EDR/EDR
EDWEUL_US/EDWEUL_US
EDWREP/EDWREP
EGC1/EGC1
EGD1/EGD1
EGM1/EGM1
EGO/EGO
EGR1/EGR1
END1/END1
ENG/ENG
ENI/ENI
ENM1/ENM1
ENS1/ENS1
ENTMGR_CUST/ENTMGR_CUST
ENTMGR_PRO/ENTMGR_PRO
ENTMGR_TRAIN/ENTMGR_TRAIN
EOPP_PORTALADM/EOPP_PORTALADM
EOPP_PORTALMGR/EOPP_PORTALMGR
EOPP_USER/EOPP_USER
EUL_US/EUL_US
EVM/EVM
EXA1/EXA1
EXA2/EXA2
EXA3/EXA3
EXA4/EXA4
EXFSYS/EXFSYS
EXS1/EXS1
EXS2/EXS2
EXS3/EXS3
EXS4/EXS4
FA/FA
FEM/FEM
FIA1/FIA1
FII/FII
FLM/FLM
FNI1/FNI1
FNI2/FNI2
FPA/FPA
FPT/FPT
FRM/FRM
FTA1/FTA1
FTE/FTE
FUN/FUN
FV/FV
FVP1/FVP1
GALLEN/GALLEN
GCA1/GCA1
GCA2/GCA2
GCA3/GCA3
GCA9/GCA9
GCMGR1/GCMGR1
GCMGR2/GCMGR2
GCMGR3/GCMGR3
GCS/GCS
GCS1/GCS1
GCS2/GCS2
GCS3/GCS3
GEORGIAWINE/GEORGIAWINE
GL/GL
GLA1/GLA1
GLA2/GLA2
GLA3/GLA3
GLA4/GLA4
GLS1/GLS1
GLS2/GLS2
GLS3/GLS3
GLS4/GLS4
GM_AWDA/GM_AWDA
GM_COPI/GM_COPI
GM_DPHD/GM_DPHD
GM_MLCT/GM_MLCT
GM_PLADMA/GM_PLADMA
GM_PLADMH/GM_PLADMH
GM_PLCCA/GM_PLCCA
GM_PLCCH/GM_PLCCH
GM_PLCOMA/GM_PLCOMA
GM_PLCOMH/GM_PLCOMH
GM_PLCONA/GM_PLCONA
GM_PLCONH/GM_PLCONH
GM_PLNSCA/GM_PLNSCA
GM_PLNSCH/GM_PLNSCH
GM_PLSCTA/GM_PLSCTA
GM_PLSCTH/GM_PLSCTH
GM_PLVET/GM_PLVET
GM_SPO/GM_SPO
GM_STKH/GM_STKH
GMA/GMA
GMD/GMD
GME/GME
GMF/GMF
GMI/GMI
GML/GML
GMP/GMP
GMS/GMS
GR/GR
GUEST/GUEST
HCC/HCC
HHCFO/HHCFO
HR/HR
HRI/HRI
HXC/HXC
HXT/HXT
IA/IA
IBA/IBA
IBC/IBC
IBE/IBE
IBP/IBP
IBU/IBU
IBY/IBY
ICX/ICX
IEB/IEB
IEC/IEC
IEM/IEM
IEO/IEO
IES/IES
IEU/IEU
IEX/IEX
IGC/IGC
IGF/IGF
IGI/IGI
IGS/IGS
IGW/IGW
IMC/IMC
IMT/IMT
INS1/INS1
INS2/INS2
INV/INV
IP/IP
IPA/IPA
IPD/IPD
ISC/ISC
ISTEWARD/ISTEWARD
ITG/ITG
JA/JA
JD7333/JD7333
JD7334/JD7334
JD9/JD9
JDE/JDE
JDEDBA/JDEDBA
JE/JE
JG/JG
JL/JL
JOHNINARI/JOHNINARI
JONES/STEEL
JTF/JTF
JTI/JTI
JTM/JTM
JTR/JTR
JTS/JTS
JUNK_PS/JUNK_PS
JUSTOSHUM/JUSTOSHUM
KELLYJONES/KELLYJONES
KEVINDONS/KEVINDONS
KPN/KPN
LADAMS/LADAMS
LBA/LBA
LBACSYS/LBACSYS
LDQUAL/LDQUAL
LHILL/LHILL
LNS/LNS
LQUINCY/LQUINCY
LSA/LSA
MDDATA/MDDATA
MDSYS/MDSYS
MDSYS/SYS
ME/ME
MFG/MFG
MGR1/MGR1
MGR2/MGR2
MGR3/MGR3
MGR4/MGR4
MIKEIKEGAMI/MIKEIKEGAMI
MJONES/MJONES
MLAKE/MLAKE
MM1/MM1
MM2/MM2
MM3/MM3
MM4/MM4
MM5/MM5
MMARTIN/MMARTIN
MOBILEADMIN/WELCOME
MRP/MRP
MSC/MSC
MSD/MSD
MSO/MSO
MSR/MSR
MST/MST
MWA/MWA
NEILKATSU/NEILKATSU
OBJ7333/OBJ7333
OBJ7334/OBJ7334
OBJB733/OBJB733
OCA/OCA
ODM/ODM
ODM_MTR/MTRPW
ODS/ODS
ODSCOMMON/ODSCOMMON
OE/OE
OKB/OKB
OKC/OKC
OKE/OKE
OKI/OKI
OKL/OKL
OKO/OKO
OKR/OKR
OKS/OKS
OKX/OKX
OL810/OL810
OL811/OL811
OL812/OL812
OL9/OL9
OLAPSYS/MANAGER
ONT/ONT
OPI/OPI
ORABAM/ORABAM
ORABAMSAMPLES/ORABAMSAMPLES
ORABPEL/ORABPEL
ORAESB/ORAESB
ORAOCA_PUBLIC/ORAOCA_PUBLIC
ORASAGENT/ORASAGENT
ORASSO/ORASSO
ORASSO_DS/ORASSO_DS
ORASSO_PA/ORASSO_PA
ORASSO_PS/ORASSO_PS
ORASSO_PUBLIC/ORASSO_PUBLIC
ORDPLUGINS/ORDPLUGINS
ORDSYS/ORDSYS
OSM/OSM
OTA/OTA
OUTLN/OUTLN
OWAPUB/OWAPUB
OWF_MGR/OWF_MGR
OZF/OZF
OZP/OZP
OZS/OZS
PA/PA
PABLO/PABLO
PAIGE/PAIGE
PAM/PAM
PARRISH/PARRISH
PARSON/PARSON
PAT/PAT
PATORILY/PATORILY
PATRICKSANCHEZ/PATRICKSANCHEZ
PATSY/PATSY
PAUL/PAUL
PAULA/PAULA
PAXTON/PAXTON
PCA1/PCA1
PCA2/PCA2
PCA3/PCA3
PCA4/PCA4
PCS1/PCS1
PCS2/PCS2
PCS3/PCS3
PCS4/PCS4
PD7333/PD7333
PD7334/PD7334
PD810/PD810
PD811/PD811
PD812/PD812
PD9/PD9
PDA1/PDA1
PEARL/PEARL
PEG/PEG
PENNY/PENNY
PEOPLE/PEOP1E
PERCY/PERCY
PERRY/PERRY
PETE/PETE
PEYTON/PEYTON
PHIL/PHIL
PJI/PJI
PJM/PJM
PMI/PMI
PN/PN
PO/PO
POA/POA
POLLY/POLLY
POM/POM
PON/PON
PORTAL/PORTAL
PORTAL_APP/PORTAL_APP
PORTAL_DEMO/PORTAL_DEMO
PORTAL_PUBLIC/PORTAL_PUBLIC
PORTAL30/PORTAL30
PORTAL30_DEMO/PORTAL30_DEMO
PORTAL30_PUBLIC/PORTAL30_PUBLIC
PORTAL30_SSO/PORTAL30_SSO
PORTAL30_SSO_PS/PORTAL30_SSO_PS
POS/POS
PPM1/PPM1
PPM2/PPM2
PPM3/PPM3
PPM4/PPM4
PPM5/PPM5
PRISTB733/PRISTB733
PRISTCTL/PRISTCTL
PRISTDTA/PRISTDTA
PRODB733/PRODB733
PRODCTL/PRODCTL
PRODDTA/PRODDTA
PRODUSER/PRODUSER
PROJMFG/WELCOME
PRP/PRP
PS/PS
PS810/PS810
PS810CTL/PS810CTL
PS810DTA/PS810DTA
PS811/PS811
PS811CTL/PS811CTL
PS811DTA/PS811DTA
PS812/PS812
PS812CTL/PS812CTL
PS812DTA/PS812DTA
PSA/PSA
PSB/PSB
PSBASS/PSBASS
PSEM/PSEM
PSFT/PSFT
PSFTDBA/PSFTDBA
PSP/PSP
PTADMIN/PTADMIN
PTCNE/PTCNE
PTDMO/PTDMO
PTE/PTE
PTESP/PTESP
PTFRA/PTFRA
PTG/PTG
PTGER/PTGER
PTJPN/PTJPN
PTUKE/PTUKE
PTUPG/PTUPG
PTWEB/PTWEB
PTWEBSERVER/PTWEBSERVER
PV/PV
PY7333/PY7333
PY7334/PY7334
PY810/PY810
PY811/PY811
PY812/PY812
PY9/PY9
QA/QA
QOT/QOT
QP/QP
QRM/QRM
QS/QS
QS_ADM/QS_ADM
QS_CB/QS_CB
QS_CBADM/QS_CBADM
QS_CS/QS_CS
QS_ES/QS_ES
QS_OS/QS_OS
QS_WS/QS_WS
RENE/RENE
REPADMIN/REPADMIN
REPORTS/REPORTS
REPORTS_USER/OEM_TEMP
RESTRICTED_US/RESTRICTED_US
RG/RG
RHX/RHX
RLA/RLA
RLM/RLM
RM1/RM1
RM2/RM2
RM3/RM3
RM4/RM4
RM5/RM5
RMAN/RMAN
ROB/ROB
RPARKER/RPARKER
RWA1/RWA1
SALLYH/SALLYH
SAM/SAM
SARAHMANDY/SARAHMANDY
SCM1/SCM1
SCM2/SCM2
SCM3/SCM3
SCM4/SCM4
SCOTT/TIGER
SDAVIS/SDAVIS
SECDEMO/SECDEMO
SEDWARDS/SEDWARDS
SELLCM/SELLCM
SELLER/SELLER
SELLTREAS/SELLTREAS
SERVICES/WELCOME
SETUP/SETUP
SH/SH
SID/SID
SKAYE/SKAYE
SKYTETSUKA/SKYTETSUKA
SLSAA/SLSAA
SLSMGR/SLSMGR
SLSREP/SLSREP
SRABBITT/SRABBITT
SRALPHS/SRALPHS
SRAY/SRAY
SRIVERS/SRIVERS
SSA1/SSA1
SSA2/SSA2
SSA3/SSA3
SSC1/SSC1
SSC2/SSC2
SSC3/SSC3
SSOSDK/SSOSDK
SSP/SSP
SSS1/SSS1
SUPPLIER/SUPPLIER
SVM7333/SVM7333
SVM7334/SVM7334
SVM810/SVM810
SVM811/SVM811
SVM812/SVM812
SVM9/SVM9
SVMB733/SVMB733
SVP1/SVP1
SY810/SY810
SY811/SY811
SY812/SY812
SY9/SY9
SYS/WELCOME1
SYS/MANAGER
SYS/CHANGE_ON_INSTALL
SYS7333/SYS7333
SYS7334/SYS7334
SYSADMIN/SYSADMIN
SYSB733/SYSB733
SYSMAN/WELCOME1
SYSTEM/WELCOME1
SYSTEM/MANAGER
TDEMARCO/TDEMARCO
TDOS_ICSAP/TDOS_ICSAP
TESTCTL/TESTCTL
TESTDTA/TESTDTA
TRA1/TRA1
TRACESVR/TRACE
TRBM1/TRBM1
TRCM1/TRCM1
TRDM1/TRDM1
TRRM1/TRRM1
TWILLIAMS/TWILLIAMS
UDDISYS/UDDISYS
VEA/VEA
VEH/VEH
VIDEO31/VIDEO31
VIDEO4/VIDEO4
VIDEO5/VIDEO5
VP1/VP1
VP2/VP2
VP3/VP3
VP4/VP4
VP5/VP5
VP6/VP6
WAA1/WAA1
WAA2/WAA2
WCRSYS/WCRSYS
WEBDB/WEBDB
WEBSYS/WELCOME
WENDYCHO/WENDYCHO
WH/WH
WIP/WIP
WIRELESS/WELCOME
WIRELESS/WIRELESS
WK_TEST/WK_TEST
WKPROXY/WKPROXY
WKSYS/WKSYS
WMS/WMS
WMSYS/WMSYS
WPS/WPS
WSH/WSH
WSM/WSM
XDB/CHANGE_ON_INSTALL
XDO/XDO
XDP/XDP
XLA/XLA
XLE/XLE
XNB/XNB
XNC/XNC
XNI/XNI
XNM/XNM
XNP/XNP
XNS/XNS
XTR/XTR
YCAMPOS/YCAMPOS
YSANCHEZ/YSANCHEZ
ZFA/ZFA
ZPB/ZPB
ZSA/ZSA
ZX/ZX

121
scripts/oracle-brute.nse
View File

@@ -1,5 +1,20 @@
description = [[
Performs brute force password auditing against Oracle servers.
Running it in default mode it performs an audit against a list of common
Oracle usernames and passwords. The mode can be changed by supplying the
argument oracle-brute.nodefault at which point the script will use the
username- and password- lists supplied with Nmap. Custom username- and
password- lists may be supplied using the userdb and passdb arguments.
The default credential list can be changed too by using the brute.credfile
argument. In case the userdb or passdb arguments are supplied, the script
assumes that it should run in the nodefault mode.
In modern versions of Oracle password guessing speeds decrease after a few
guesses and remain slow, due to connection throttling.
WARNING: The script makes no attempt to discover the amount of guesses
that can be made before locking an account. Running this script may therefor
result in a large number of accounts being locked out on the database server.
]]
---
@@ -21,15 +36,18 @@ Performs brute force password auditing against Oracle servers.
-- x The Driver class contains the driver implementation used by the brute
-- library
--
-- @args oracle-brute.sid the instance against which to perform password
-- guessing
--
-- @args oracle-brute.sid - the instance against which to perform password
-- guessing
-- @args oracle-brute.nodefault - do not attempt to guess any Oracle default
-- accounts
--
-- Version 0.2
-- Version 0.3
-- Created 07/12/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
-- Revised 07/23/2010 - v0.2 - added script usage and output and
-- - oracle-brute.sid argument
-- Revised 07/25/2011 - v0.3 - added support for guessing default accounts
-- changed code to use ConnectionPool
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
@@ -44,34 +62,37 @@ require 'creds'
portrule = shortport.port_or_service(1521, "oracle-tns", "tcp", "open")
local ConnectionPool = {}
Driver =
{
new = function(self, host, port)
local o = {}
new = function(self, host, port, sid )
local o = { host = host, port = port, sid = sid }
setmetatable(o, self)
self.__index = self
o.host = host
o.port = port
return o
end,
--- Connects performs protocol negotiation
--
-- @return true on success, false on failure
connect = function( self )
local status, data
self.helper = tns.Helper:new( self.host, self.port, nmap.registry.args['oracle-brute.sid'] )
connect = function( self )
local MAX_RETRIES = 10
local tries = MAX_RETRIES
self.helper = ConnectionPool[coroutine.running()]
if ( self.helper ) then return true end
self.helper = tns.Helper:new( self.host, self.port, self.sid )
-- This loop is intended for handling failed connections
-- A connection may fail for a number of different reasons.
-- For the moment, we're just handling the error code 12520
--
-- Error 12520 has been observed on Oracle XE and seems to
-- occur when a maximum connection count is reached.
local status, data
repeat
if ( tries < MAX_RETRIES ) then
stdnse.print_debug(2, "%s: Attempting to re-connect (attempt %d of %d)", SCRIPT_NAME, MAX_RETRIES - tries, MAX_RETRIES)
@@ -85,7 +106,11 @@ Driver =
end
tries = tries - 1
stdnse.sleep(1)
until( tries == 0 or data ~= "12520")
until( tries == 0 or data ~= "12520" )
if ( status ) then
ConnectionPool[coroutine.running()] = self.helper
end
return status, data
end,
@@ -101,6 +126,8 @@ Driver =
local status, data = self.helper:Login( username, password )
if ( status ) then
self.helper:Close()
ConnectionPool[coroutine.running()] = nil
return true, brute.Account:new(username, password, creds.State.VALID)
-- Check for account locked message
elseif ( data:match("ORA[-]28000") ) then
@@ -111,6 +138,8 @@ Driver =
return false, brute.Error:new(data)
-- any other errors are likely communication related, attempt to re-try
else
self.helper:Close()
ConnectionPool[coroutine.running()] = nil
local err = brute.Error:new(data)
err:setRetry(true)
return false, err
@@ -122,39 +151,55 @@ Driver =
--- Disconnects and terminates the Oracle TNS communication
disconnect = function( self )
self.helper:Close()
return true
end,
--- Perform a connection with the helper, this makes sure that the Oracle
-- instance is correct.
--
-- @return status true on success false on failure
-- @return err containing the error message on failure
check = function( self )
local helper = tns.Helper:new( self.host, self.port, nmap.registry.args['oracle-brute.sid'] )
local status, err = helper:Connect()
if( status ) then
helper:Close()
return true
end
return false, err
end,
}
action = function(host, port)
local status, result
local engine = brute.Engine:new(Driver, host, port )
engine.options.script_name = SCRIPT_NAME
local DEFAULT_ACCOUNTS = "nselib/data/oracle-default-accounts.lst"
local sid = stdnse.get_script_args('oracle-brute.sid') or
stdnse.get_script_args('tns.sid')
local engine = brute.Engine:new(Driver, host, port, sid)
local mode = "default"
if ( not( nmap.registry.args['oracle-brute.sid'] ) and not( nmap.registry.args['tns.sid'] ) ) then
return "ERROR: Oracle instance not set (see oracle-brute.sid or tns.sid)"
if ( not(sid) ) then
return "\n ERROR: Oracle instance not set (see oracle-brute.sid or tns.sid)"
end
local helper = tns.Helper:new( host, port, sid )
local status, result = helper:Connect()
if ( not(status) ) then
return "\n ERROR: Failed to connect to oracle server"
end
helper:Close()
local f
if ( stdnse.get_script_args('userdb') or
stdnse.get_script_args('passdb') or
stdnse.get_script_args('oracle-brute.nodefault') or
stdnse.get_script_args('brute.credfile') ) then
mode = nil
end
if ( mode == "default" ) then
f = nmap.fetchfile(DEFAULT_ACCOUNTS)
if ( not(f) ) then
return ("\n ERROR: Failed to find %s"):format(DEFAULT_ACCOUNTS)
end
f = io.open(f)
if ( not(f) ) then
return ("\n ERROR: Failed to open %s"):format(DEFAULT_ACCOUNTS)
end
engine:addIterator(brute.Iterators.credential_iterator(f))
end
engine.options.script_name = SCRIPT_NAME
status, result = engine:start()
return result
end