        else
        {
            # Version string not matched above: assume 11g and enumerate the SID with nmap.
            print "Oracle version at $host is not recognized so probably 11g - see Paul Wright about new version of PAT in current development!\n";
            (@OraCheck) = `/usr/bin/nmap -PN -n -p 1521 $host --script oracle-sid-brute --script-args=oraclesids=/home/oracle/paulsperl/mac/oracle/oracle-sids`;
            print "1 @OraCheck\n";
            # Element 8 (the ninth output line) is expected to hold the "|_ <SID>" result line.
            # The pipe is escaped so that the test matches a literal "|_" rather than always succeeding.
            if (substr($OraCheck[8], -10) =~ /\|_/)
            {
                print "match succeeded ~ SID gained!\n";
                print MYFILE "match succeeded ~ SID gained!\n";
                $OraCheck[8] =~ s/_/ /;
                $OraCheck[8] =~ s/\|/ /;
                $OraCheck[8] =~ s/\s+//g; # strips out whitespace, including the trailing newline
            }
            print "@OraCheck\n"; # this is a good sid
            # Try the user/password list against the SID that was found.
            (@OraResult) = `./oralogonsid.pl -h $host -l orapwshort.csv -S $OraCheck[8]`; # change var names here
            print "@OraResult\n";
            print MYFILE "@OraCheck\n";
        }
    }
    else
    {
        print "No Oracle listener at $host\n";
        print MYFILE "No Oracle listener at $host\n";
    }
    $count++;
    close (MYFILE);
}
}
Reviewing the Results
The following is the output from this tool, run with a SID file that contains the correct SID and a user/password
file that contains a correct user/password pair. This type of scan is a numbers game: each guess is simple, but a
large enough network is likely to contain at least one mistake by a DBA. Security is asymmetric. It is very difficult
to keep all hosts secure all the time, which is why an internal audit is required to catch the mistakes before others do.
oracle@linuxbox ~/paulsperl/mac/oracle/pat/patv2 $ ./pat.pl 192.168.1.
No Oracle listener at 192.168.1.29
No Oracle listener at 192.168.1.30
No Oracle listener at 192.168.1.31
No Oracle listener at 192.168.1.32
Oracle Host 192.168.1.33 responds successfully in 0 milliseconds
The TNS version string from 192.168.1.33 is - connect .e......"..Y(DESCRIPTION=(TMP=)(VSNNUM=186646784)(ERR=1189)(ERROR_STACK=(ERROR=(CODE=1189)(EMFI=4))))
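The VSNNUM field in the listener reply above encodes the exact release, so an audit can record the version per host instead of falling back to "probably 11g". The Perl below is an added example, not part of PAT or the original text: the sub names decode_vsnnum and parse_tns_version are hypothetical, the first sample reply is the one printed above, and the second is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# VSNNUM packs the release into one 32-bit number:
#   bits 31-24 major, 23-20 maintenance release, 19-12 application server release,
#   11-8 component-specific release, 7-0 platform-specific release.
sub decode_vsnnum {
    my ($vsnnum) = @_;
    return join '.',
        ($vsnnum >> 24) & 0xFF,
        ($vsnnum >> 20) & 0x0F,
        ($vsnnum >> 12) & 0xFF,
        ($vsnnum >> 8)  & 0x0F,
        $vsnnum         & 0xFF;
}

# Extract VSNNUM and ERR from a raw listener reply.
# Returns nothing when no VSNNUM is present, so an unparsed reply is never
# reported as a version.
sub parse_tns_version {
    my ($reply) = @_;
    my ($vsnnum) = $reply =~ /\(VSNNUM=(\d+)\)/ or return;
    my ($err)    = $reply =~ /\(ERR=(\d+)\)/;
    return { vsnnum => $vsnnum, version => decode_vsnnum($vsnnum), err => $err };
}

my %replies = (
    # Reply shown in the scan output above.
    '192.168.1.33' => 'connect .e......"..Y(DESCRIPTION=(TMP=)(VSNNUM=186646784)'
                    . '(ERR=1189)(ERROR_STACK=(ERROR=(CODE=1189)(EMFI=4))))',
    # Constructed sample: a truncated reply with no VSNNUM field.
    '192.0.2.10'   => 'connect .e......(DESCRIPTION=(TMP=)',
);

for my $host (sort keys %replies) {
    my $info = parse_tns_version($replies{$host});
    if (!$info) {
        print "$host: no VSNNUM in listener reply, version unknown\n";
        next;
    }
    printf "%s: Oracle %s (VSNNUM %d = 0x%08X)%s\n",
        $host, $info->{version}, $info->{vsnnum}, $info->{vsnnum},
        defined $info->{err} ? ", listener returned ERR=$info->{err}" : '';
}
```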
 