Nmap Development mailing list archives
Re: Question regarding oracle-dump-hashes NSE script
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 13 Mar 2012 20:16:53 +0100
On Tue, Mar 13, 2012 at 8:05 PM, Johnny Xmas <johnny () johnnyxmas net> wrote:
Hello! I'm attempting to use it in conjunction with the latest version of NMap ( 5.61TEST5), to no avail. Nmap works fine, does everything else I ask of it, and other scripts generally perform as expected. I invoke oracle-dump-hashes like so: # nmap -p 1527 --script oracle-dump-hashes.nse --script-args="creds.oracle='username:password'" <ip-of-server> But this is the only output that is generated: Starting Nmap 5.61TEST5 ( http://nmap.org ) at 2012-03-13 08:26 CDT Nmap scan report for <hostname> <(ip)> Host is up (0.0012s latency). PORT STATE SERVICE 1527/tcp open tlisrv And that's it. No output from NSE whatsoever, and the expected files are not written. Has anyone else tried this script? Can anyone assist?
Hi Johnny, I'm the author of the script which unfortunately hasn't made it into Nmap yet, so I'm guessing you downloaded it from the mailing list archive? I was experiencing a lot of problems with this script when I wrote it as it depends on the query functionality in the oracle TNS library. As we have implemented TNS entirely in Lua and due to the lack of proper protocol documentation I didn't spend more time trying to get query support working on the platforms where it failed. While everything looked good when running the script against my test environment it turned out that there was problems with running queries against other versions, architectures and OS:es. I spent quite some time fixing a few of these issues but never got it working good enough to enable the functionality needed by this script. If you look at the table in the documentation for the tns.lua library in the nselib directory you can determine if queries are likely to work or not against the particular Oracle environment your running against. //Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Question regarding oracle-dump-hashes NSE script Johnny Xmas (Mar 13)
- Re: Question regarding oracle-dump-hashes NSE script Patrik Karlsson (Mar 13)