[Previous entry: "Alex Kornbrust has released a Linux version of his Oracle password cracker"] [Next entry: "A correction to the author and URL for orabf.pl"]
A perl script to brute force database connections
August 24th, 2005 by Pete
Post to del.icio.us
Post to Furl
I was made aware of this perl script on Digitalsec.net that can be used to brute force an Oracle database connection. The script is called bfora.pl and is described as "Brute force for Oracle databases". It first builds a TNS packet and uses this to interrogate an Oracle listener to get the details of SID and services that are available. Then it uses the SID's found and tries to brute force a connection. I have not done a detailed compare of this script with tnscmd.pl or with Patriks tools but there are some synergies. This still looks like a useful script that can be used where binaries are not a possibility. I have of course added it to my Oracle Security Tools page.
