Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Alex Kornbrust has released a Linux version of his Oracle password cracker"] [Next entry: "A correction to the author and URL for orabf.pl"]

A perl script to brute force database connections



I was made aware of this perl script on Digitalsec.net that can be used to brute force an Oracle database connection. The script is called bfora.pl and is described as "Brute force for Oracle databases". It first builds a TNS packet and uses this to interrogate an Oracle listener to get the details of SID and services that are available. Then it uses the SID's found and tries to brute force a connection. I have not done a detailed compare of this script with tnscmd.pl or with Patriks tools but there are some synergies. This still looks like a useful script that can be used where binaries are not a possibility. I have of course added it to my Oracle Security Tools page.