Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auxiliary/scanner/oracle/oracle_login Cannot locate nmap binary #19144

Closed
devilmandare opened this issue Apr 28, 2024 · 2 comments
Closed

auxiliary/scanner/oracle/oracle_login Cannot locate nmap binary #19144

devilmandare opened this issue Apr 28, 2024 · 2 comments
Labels
question Questions about Metasploit Usage

Comments

@devilmandare
Copy link

devilmandare commented Apr 28, 2024
edited by bcoles
Loading 

msf6 auxiliary(scanner/oracle/oracle_login) > info

       Name: Oracle RDBMS Login Utility
     Module: auxiliary/scanner/oracle/oracle_login
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  Patrik Karlsson <patrik@cqure.net>
  todb <todb@metasploit.com>

Check supported:
  No

Basic options:
  Name              Current Setting                               Required  Description
  ----              ---------------                               --------  -----------
  ANONYMOUS_LOGIN   false                                         yes       Attempt to login with a blank username and password
  BLANK_PASSWORDS   false                                         no        Try blank passwords for all users
  BRUTEFORCE_SPEED  5                                             yes       How fast to bruteforce, from 0 to 5
  DB_ALL_CREDS      false                                         no        Try each user/password couple stored in the current database
  DB_ALL_PASS       false                                         no        Add all passwords in the current database to the list
  DB_ALL_USERS      false                                         no        Add all users in the current database to the list
  DB_SKIP_EXISTING  none                                          no        Skip existing credentials stored in the current database (Accepted: none, user,
                                                                            user&realm)
  NMAP_VERBOSE      true                                          no        Display nmap output
  PASSWORD                                                        no        A specific password to authenticate with
  PASS_FILE                                                       no        File containing passwords, one per line
  RHOSTS            172.16.*.*                                  yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics
                                                                            /using-metasploit.html
  RPORTS            *                                          no        Ports to target
  SID               XE                                            yes       The instance (SID) to authenticate against
  STOP_ON_SUCCESS   false                                         yes       Stop guessing when a credential works for a host
  THREADS           1                                             yes       The number of concurrent threads (max one per host)
  USERNAME          admin                                        no        A specific username to authenticate as
  USERPASS_FILE      no        File containing (space-separated) users and passwords, one pair per line
  USER_AS_PASS      false                                         no        Try the username as the password for all users
  USER_FILE                                                       no        File containing usernames, one per line
  VERBOSE           true                                         yes       Whether to print output for all attempts

Description:
  This module attempts to authenticate against an Oracle RDBMS
  instance using username and password combinations indicated
  by the USER_FILE, PASS_FILE, and USERPASS_FILE options.

  Due to a bug in nmap versions 6.50-7.80 may not work.

References:
  https://www.oracle.com/database/
  https://nvd.nist.gov/vuln/detail/CVE-1999-0502
  https://nmap.org/nsedoc/scripts/oracle-brute.html


View the full module info with the info -d command.

msf6 auxiliary(scanner/oracle/oracle_login) > run

[-] Auxiliary failed: RuntimeError Cannot locate nmap binary
[-] Call stack:
[-]   D:/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/nmap.rb:55:in `get_nmap_ver'
[-]   D:/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/nmap.rb:74:in `nmap_version_at_least?'
[-]   D:/metasploit-framework/embedded/framework/modules/auxiliary/scanner/oracle/oracle_login.rb:50:in `run'
[*] Auxiliary module execution completed
@bcoles
Copy link
Contributor

bcoles commented Apr 28, 2024

Ensue nmap is in your system PATH.

@adfoster-r7
Copy link
Contributor

Will mark this as closed, as it's look like an end user environment issue which can be resolved by installing nmap and making it available as part of the path environment variable

@adfoster-r7 adfoster-r7 added question Questions about Metasploit Usage and removed bug labels May 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Questions about Metasploit Usage
Projects
Metasploit Kanban
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bcoles @devilmandare @adfoster-r7