Brute forcing Oracle SID names
Oracle SID names are used to identify database instances. The TNS listener service allows us to attempt dictionary attacks to find valid SID names.
This recipe shows how to brute force Oracle SID names with Nmap.
How to do it...
To brute force Oracle SID names, use the following Nmap command:
$ nmap -sV --script oracle-sid-brute <target>
All the SIDs found will be included in the NSE script output section for oracle-sid-brute:
PORT     STATE SERVICE REASON
1521/tcp open  oracle  syn-ack
| oracle-sid-brute:
|   orcl
|   prod
|_  devel
How it works...
The arguments -sV --script oracle-sid-brute tell Nmap to initiate service detection (-sV) and use the NSE script oracle-sid-brute.
The NSE script oracle-sid-brute was submitted by Patrik Karlsson to help penetration testers enumerate Oracle SIDs by performing a dictionary attack against Oracle's TNS service. The script uses a list of common SID names to attempt to find valid ones. This script...
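Seen from the database side, the dictionary attack described above shows up in the listener log as one client address requesting many SIDs that the listener rejects. The following Python code is an added example, not part of the original recipe or of Nmap; it assumes the classic text listener.log layout and return code 12505 (TNS-12505) for an unknown SID, and the sample lines, addresses, helper names and threshold are constructed.

```python
import re
from collections import defaultdict

# Assumed entry layout:
# "<time> * (CONNECT_DATA=...) * (ADDRESS=...) * establish * <sid> * <return code>"
ENTRY = re.compile(
    r"\(CONNECT_DATA=.*?\(SID=(?P<sid>[^)]*)\).*?"
    r"\(ADDRESS=.*?\(HOST=(?P<src>[^)]+)\).*?"
    r"\* establish \* \S+ \* (?P<code>\d+)\s*$")

def _entry(ts, sid, src, code):
    """Build one constructed log line in the assumed listener.log layout."""
    return (f"12-MAR-2024 {ts} * (CONNECT_DATA=(SID={sid})(CID=(PROGRAM=)(HOST=)(USER=)))"
            f" * (ADDRESS=(PROTOCOL=tcp)(HOST={src})(PORT=40000)) * establish * {sid} * {code}")

# Constructed sample: an application host with one typo, and a host guessing SIDs.
SAMPLE_LOG = "\n".join([
    _entry("10:15:01", "ORCL", "10.0.0.20", 0),
    _entry("10:15:40", "ORCLL", "10.0.0.20", 12505),
    "TNS-12505: TNS:listener does not currently know of SID given in connect descriptor",
    _entry("10:16:02", "XE", "10.0.0.66", 12505),
    _entry("10:16:02", "TEST", "10.0.0.66", 12505),
    _entry("10:16:03", "ORA10", "10.0.0.66", 12505),
    _entry("10:16:03", "DB1", "10.0.0.66", 12505),
    _entry("10:16:04", "orcl", "10.0.0.66", 0),
])

def find_sid_guessing(log_text, min_distinct_sids=4):
    """Return sources that were refused at least min_distinct_sids different SIDs."""
    rejected = defaultdict(set)  # source -> SIDs refused with return code 12505
    accepted = defaultdict(set)  # source -> SIDs that returned code 0
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:                # continuation lines and SERVICE_NAME connects
            continue
        sid = m["sid"].upper()   # SIDs are compared case-insensitively here
        if m["code"] == "12505":
            rejected[m["src"]].add(sid)
        elif m["code"] == "0":
            accepted[m["src"]].add(sid)
    return {src: {"rejected": sorted(sids), "accepted": sorted(accepted[src])}
            for src, sids in rejected.items() if len(sids) >= min_distinct_sids}

if __name__ == "__main__":
    for src, info in find_sid_guessing(SAMPLE_LOG).items():
        print(src, info)
```

The "accepted" list for a flagged source shows which SIDs that source reached with return code 0, which is where follow-up review should start.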