Hi.

sqlmap supports it. Sample console output:

$ python sqlmap.py -d "oracle://SYSTEM:testpass@192.168.5.27:1521/testdb" -v 5 --banner

    sqlmap/1.0-dev-8dac47f - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior
mutual consent is illegal. It is the end user's responsibility to obey all
applicable local, state and federal laws. Developers assume no liability
and are not responsible for any misuse or damage caused by this program

[*] starting at 20:15:37

[20:15:37] [DEBUG] cleaning up configuration parameters
[20:15:37] [DEBUG] forcing timeout to 10 seconds
[20:15:37] [INFO] connection to oracle server 192.168.5.27:1521 established
[20:15:37] [INFO] the back-end DBMS is Oracle
[20:15:37] [INFO] fetching banner
[20:15:37] [PAYLOAD] SELECT NVL(CAST(banner AS VARCHAR(4000)),' ') FROM v$version WHERE ROWNUM=1
back-end DBMS: Oracle
banner:    'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'
[20:15:37] [INFO] connection to oracle server 192.168.5.27:1521 closed

[*] shutting down at 20:15:37

Could you please check that you are running the latest revision from the GitHub
repository and try to run it with -v 5? The strange thing in your case is the
"sqlmap was not able to fingerprint..." message, while there is no fingerprinting in
sqlmap's direct mode (at least in the HEAD revision).

Kind regards,
Miroslav Stampar


On Mon, Oct 21, 2013 at 7:24 PM, Brian Milliron <br...@ecrsecurity.com> wrote:

> Using sqlmap on a recently updated Kali installation, I tried to connect
> to an Oracle db using this command:
> sqlmap -d Oracle://user:pass@10.10.10.10:1521/SID
> I get the error message "[CRITICAL] sqlmap was not able to fingerprint
> the back-end database management system.  Support for this DBMS will be
> implemented at some point."
>
> The wiki on github states that Oracle is supported for direct
> connections, so there is some confusion here.  Wireshark confirms no
> attempt to connect to the server is made at all and the syntax of the
> command appears correct.  Can you confirm whether sqlmap currently
> supports direct connections to Oracle databases or if there is some
> other problem?
>
>
> --
> Brian Milliron, CEO
> ECR Security
> http://www.ECRSecurity.com
> 512-422-5408



-- 
Miroslav Stampar
http://about.me/stamparm