module

Oracle iSQLPlus SID Check

Try Surface Command
Back to search
Disclosed
N/A
Created
May 30, 2018

Description

This module attempts to bruteforce the SID on the Oracle application server iSQL*Plus
login pages. It does this by testing Oracle error responses returned in the HTTP response.
Incorrect username/pass with a correct SID will produce an Oracle ORA-01017 error.
Works against Oracle 9.2, 10.1 & 10.2 iSQL*Plus. This module will attempt to
fingerprint the version and automatically select the correct POST request.

Authors

CG [email protected]
todb [email protected]

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use auxiliary/scanner/oracle/isqlplus_sidbrute
    msf auxiliary(isqlplus_sidbrute) > show actions
        ...actions...
    msf auxiliary(isqlplus_sidbrute) > set ACTION < action-name >
    msf auxiliary(isqlplus_sidbrute) > show options
        ...show and set options...
    msf auxiliary(isqlplus_sidbrute) > run
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today