Discovering Oracle Accounts With Nmap

10 Mar

If we are conducting an infrastructure penetration test and have discovered an Oracle database during the information gathering stage, we can use Nmap to perform some checks that may help us obtain the accounts that exist on the database. These checks can be executed with two scripts included in the Nmap Scripting Engine. Specifically, the scripts we will need are the following:

  • oracle-sid-brute
  • oracle-brute

Oracle databases run on port 1521, so in most cases we can identify them just by checking whether this port is open on our target host. The next step is to use the oracle-sid-brute script, which will try to brute force common Oracle SIDs. The next image shows the use of this script, which has successfully identified that the SID is XE.

Brute Forcing Oracle SID’s – Nmap


Now that we know the SID of the Oracle database, we can use the oracle-brute script to discover the valid accounts by specifying the SID name.

Discovering Oracle Accounts



With these two scripts we can perform security audits against an Oracle database with Nmap. However, the drawback, as the above image indicates, is that we can lock the accounts, because the script does not check the number of tries it will execute in order to prevent account lockout. On the other hand, it is a very fast approach for detecting Oracle accounts through Nmap during information gathering.
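SID guessing of the kind described above is visible on the database side, because every wrong guess is refused by the listener. The following is an added example, not part of the original post: it scans a listener log for sources that were refused on several distinct SIDs. The log layout (classic text listener.log, where an unknown SID is logged with return code 12505), the function name find_sid_guessing and the threshold of three are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the classic text listener.log layout (assumed format):
# timestamp * connect data * client address * event * SID * return code
SAMPLE_LOG = """\
10-MAR-2013 09:14:01 * (CONNECT_DATA=(SID=ORCL)(CID=(PROGRAM=)(HOST=client)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.50)(PORT=40112)) * establish * ORCL * 12505
TNS-12505: TNS:listener does not currently know of SID given in connect descriptor
10-MAR-2013 09:14:01 * (CONNECT_DATA=(SID=TEST)(CID=(PROGRAM=)(HOST=client)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.50)(PORT=40113)) * establish * TEST * 12505
10-MAR-2013 09:14:02 * (CONNECT_DATA=(SID=PROD)(CID=(PROGRAM=)(HOST=client)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.50)(PORT=40114)) * establish * PROD * 12505
10-MAR-2013 09:14:02 * (CONNECT_DATA=(SID=DEV)(CID=(PROGRAM=)(HOST=client)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.50)(PORT=40115)) * establish * DEV * 12505
10-MAR-2013 09:14:03 * (CONNECT_DATA=(SID=XE)(CID=(PROGRAM=)(HOST=client)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.50)(PORT=40116)) * establish * XE * 0
10-MAR-2013 09:20:10 * (CONNECT_DATA=(SID=XE)(CID=(PROGRAM=app)(HOST=web01)(USER=svc))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=51000)) * establish * XE * 0
10-MAR-2013 09:21:44 * (CONNECT_DATA=(SID=XEE)(CID=(PROGRAM=app)(HOST=web01)(USER=svc))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=51001)) * establish * XEE * 12505
"""

SID_RE = re.compile(r"\(SID=([^)]*)\)")
HOST_RE = re.compile(r"\(HOST=([^)]+)\)")
UNKNOWN_SID = "12505"  # TNS-12505: listener does not know the requested SID


def find_sid_guessing(log_text, min_distinct_sids=3):
    """Return {source_ip: sorted SIDs} for sources refused on many distinct SIDs."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(" * ")]
        # Connection records have six fields; TNS-xxxxx detail lines do not.
        if len(fields) != 6 or fields[3] != "establish":
            continue
        sid = SID_RE.search(fields[1])   # SID requested by the client
        src = HOST_RE.search(fields[2])  # HOST inside ADDRESS is the client IP
        if sid and src and fields[5] == UNKNOWN_SID:
            failed[src.group(1)].add(sid.group(1).upper())
    # A single typo is normal; many different unknown SIDs from one source is not.
    return {ip: sorted(sids) for ip, sids in failed.items()
            if len(sids) >= min_distinct_sids}


if __name__ == "__main__":
    for ip, sids in find_sid_guessing(SAMPLE_LOG).items():
        print(f"{ip}: {len(sids)} unknown SIDs requested: {', '.join(sids)}")
```

The application server at 192.0.2.10 mistypes one SID and stays below the threshold, while the source that cycles through four unknown SIDs before reaching XE is reported.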


Posted on March 10, 2013 in Information Gathering



2 responses to “Discovering Oracle Accounts With Nmap”

  1. Manoj Singh

    March 11, 2013 at 6:38 am

    adding one more script for oracle db as
    nmap --script oracle-enum-users

  2. npn

    August 14, 2013 at 4:54 pm

    Outside of the scope of this article, however ‘OAT’ and ‘oscanner’ are excellent tools for further Oracle probing

