Nmap Development mailing list archives
Re: Script suggestion - oracle
From: Abuse 007 <abuse007 () gmail com>
Date: Thu, 11 Oct 2012 02:23:57 +1100
Hi Richard, I think you can use a comma, ',', like this: - --script-args=oracle-brute-stealth.sid=ORCL,oracle-brute-stealth.nodefault From earlier in the thread you can see a line wrapped example with multiple arguments separated by commas: - ./nmap --script oracle-brute-stealth -p 1521 --script-args oracle-brute-stealth.sid=ORCL,userdb=/home/user/userdb,passdb=/home/user/passdb 192.168.2.253 Cheers, Ab On Thu, Oct 11, 2012 at 1:57 AM, Richard Miles <richard.k.miles () googlemail com> wrote:
Nice to know it's part of the official nmap script. Patrik, how can I pass 2 or 3 parameters for the same script? For example, how to pass oracle-brute-stealth.sid=ORCL and oracle-brute-stealth.nodefault together? Thanks. On Sat, Oct 6, 2012 at 3:02 PM, Patrik Karlsson <patrik () cqure net> wrote:With the latest patch (attached) output is improved,✗ ./nmap --script oracle-brute-stealth -p 1521 --script-argsoracle-brute-stealth.sid=ORCL,userdb=/home/user/userdb,passdb=/home/user/passdb192.168.2.253 Starting Nmap 6.02 ( http://nmap.org ) at 2012-10-06 16:03 IST Nmap scan report for 192.168.2.253 Host is up (0.00027s latency). PORT STATE SERVICE 1521/tcp open oracle | oracle-brute-stealth: | Accounts |sys:$o5logon$022BE241D8412D17171EB9740F3E2EF8087D39AEAEA547721A3860148EE28420B37F329CE80E9B62A4E9586A2BF1715F*5B624C20405D6C0FCCC3- Hashed valid or invalid credentials |test:$o5logon$3DD61959DB37F02CE0F60F64FE0DCBEB27FD2F357E7F4E5789F37999399FD0562D4126F360FF58DF349142B2F2ABA36E*72C21891D052649660F2- Hashed valid or invalid credentials | Statistics |_ Performed 4 guesses in 1 seconds, average tps: 4 Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds -- Cheers, Dhiru _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/Dhiru, Great work! I made some small changes and committed the script and changes to the libraries as r29953. I added support for specifying usernames as well as an JtR output file as arguments. I also put you as the author of the script. Thanks, Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Script suggestion - oracle Martin Holst Swende (Oct 04)
- Re: Script suggestion - oracle David Fifield (Oct 04)
- Re: Script suggestion - oracle Dhiru Kholia (Oct 04)
- Re: Script suggestion - oracle Richard Miles (Oct 04)
- Re: Script suggestion - oracle Dhiru Kholia (Oct 04)
- <Possible follow-ups>
- Re: Script suggestion - oracle Dhiru Kholia (Oct 06)
- Re: Script suggestion - oracle Dhiru Kholia (Oct 06)
- Re: Script suggestion - oracle Patrik Karlsson (Oct 06)
- Re: Script suggestion - oracle Richard Miles (Oct 10)
- Re: Script suggestion - oracle Abuse 007 (Oct 10)
- Re: Script suggestion - oracle Dhiru Kholia (Oct 06)
- Re: Script suggestion - oracle Richard Miles (Oct 10)
- Re: Script suggestion - oracle David Fifield (Oct 04)
- Re: Script suggestion - oracle Richard Miles (Oct 10)