module
Oracle iSQLPlus SID Check
| Disclosed | Created |
|---|---|
| 01/01/1970 | 05/30/2018 |
Disclosed
01/01/1970
Created
05/30/2018
Description
This module attempts to bruteforce the SID on the Oracle application server iSQL*Plus
login pages. It does this by testing Oracle error responses returned in the HTTP response.
Incorrect username/pass with a correct SID will produce an Oracle ORA-01017 error.
Works against Oracle 9.2, 10.1 & 10.2 iSQL*Plus. This module will attempt to
fingerprint the version and automatically select the correct POST request.
login pages. It does this by testing Oracle error responses returned in the HTTP response.
Incorrect username/pass with a correct SID will produce an Oracle ORA-01017 error.
Works against Oracle 9.2, 10.1 & 10.2 iSQL*Plus. This module will attempt to
fingerprint the version and automatically select the correct POST request.
Authors
CG todb
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use auxiliary/scanner/oracle/isqlplus_sidbrute
msf /(e) > show actions
...actions...
msf /(e) > set ACTION < action-name >
msf /(e) > show options
...show and set options...
msf /(e) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.