Tag Archives: 11g

Oracle query support in Nmap

I’ve just committed an updated version of the TNS library to Nmap, adding support for running Oracle database queries from Nmap scripts. I’ve put a considerable amount of work into trying to understand how the protocol works, due to the lack of documentation, and think that I’ve finally succeeded.

In addition I’ve posted two new scripts to the nmap-dev mailing list that make use of this new functionality:

  • oracle-query – runs a given query against the Oracle database server and returns the results
  • oracle-hash-dump – dumps the password hashes from an Oracle database server

In case you have the possibility to test this new code against Oracle 10g and 11g, please let me know how it works out. I’ll hopefully commit the two scripts to Nmap within the next few days.

Nmap oracle-sid-brute v0.2 released

I have created a new Nmap script that attempts to determine valid Oracle instance names by guessing names from a dictionary against the TNS-listener. It’s available, together with my other scripts, from the nmap scripts page.

Continue reading