I’ve just committed an updated version of the TNS library to Nmap, adding support for running Oracle database queries from Nmap scripts. I’ve put a considerable amount of work into trying to understand how the protocol works, due to the lack of documentation, and think that I’ve finally succeeded.
In addition, I’ve posted two new scripts to the nmap-dev mailing list that make use of this new functionality:
- oracle-query – runs a given query against the Oracle database server and returns the results
- oracle-hash-dump – dumps the password hashes from an Oracle database server
If you have the opportunity to test this new code against Oracle 10g and 11g, please let me know how it works out. I’ll hopefully commit the two scripts to Nmap within the next few days.