Database Reference
In-Depth Information
(@OraCheck) = `./oralogonsid.pl -h $host -l orapwshort.csv -S $OraSID`;
print "@OraCheck\n";
print MYFILE "@OraCheck\n";
}
#9.2 don't need to pass SID
elsif ($OraVer =~ / 9\.2/)
{
print "Oracle Version at $host is 9.2\n";
(@OraCheck) = `./oralogon.pl -h $host -l orapwshort.csv`;
print "@OraCheck\n";
print MYFILE "@OraCheck\n";
print MYFILE "@OraResult\n";
}
elsif ($OraVer =~ / 10\./)
{
print "Oracle Version at $host is 10g\n";
#Step 2 10g/11g brute force the SID using nmap
(@OraCheck)= `/usr/bin/map -sV --script oracle-sid-brute --script-
args=oraclesids=/home/oracle/paulsperl/mac/oracle/oracle-sids $host -p 1521`;
print "1 $OraCheck[8]\n";
if (substr($OraCheck[8], -10)=~ /|_/)
{
print "match succeeded ~ SID gainded!\n";
print MYFILE "match succeeded ~ SID gainded!\n";
$OraCheck[8] =~ s/_/ /;
$OraCheck[8] =~ s/\|/ /;
$OraCheck[8] =~ s/ //g;
}
print "@OraCheck\n";
#Step 3 attempt to logon to the discovered database using the guessed SID
(@OraResult) = `./oralogonsid.pl -h $host -l orapwshort.csv -S
$OraCheck[8]`;
print "@OraResult\n";
print MYFILE "@OraCheck\n";
print MYFILE "@OraResult\n";
}
else
{
print "Oracle version at $host looks like 11g\n";
(@OraCheck)= `/usr/bin/nmap -sV --script oracle-sid-brute --script-
args=oraclesids=/home/oracle/paulsperl/mac/oracle/oracle-sids $host -p 1521`;
print "1 @OraCheck\n";
if (substr($OraCheck[8], -10)=~ /|_/)
{
print "match succeeded ~ SID gainded!\n";
print MYFILE "match succeeded ~ SID gainded!\n";
$OraCheck[8] =~ s/_/ /;
$OraCheck[8] =~ s/\|/ /;
$OraCheck[8] =~ s/ //g; #strips out whitespace
}
