search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.19k stars 13.98k forks source link

auxiliary/scanner/oracle/oracle_login Cannot locate nmap binary #19144

Closed devilmandare closed 6 months ago

devilmandare commented 6 months ago 
msf6 auxiliary(scanner/oracle/oracle_login) > info

       Name: Oracle RDBMS Login Utility
     Module: auxiliary/scanner/oracle/oracle_login
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  Patrik Karlsson <patrik@cqure.net>
  todb <todb@metasploit.com>

Check supported:
  No

Basic options:
  Name              Current Setting                               Required  Description
  ----              ---------------                               --------  -----------
  ANONYMOUS_LOGIN   false                                         yes       Attempt to login with a blank username and password
  BLANK_PASSWORDS   false                                         no        Try blank passwords for all users
  BRUTEFORCE_SPEED  5                                             yes       How fast to bruteforce, from 0 to 5
  DB_ALL_CREDS      false                                         no        Try each user/password couple stored in the current database
  DB_ALL_PASS       false                                         no        Add all passwords in the current database to the list
  DB_ALL_USERS      false                                         no        Add all users in the current database to the list
  DB_SKIP_EXISTING  none                                          no        Skip existing credentials stored in the current database (Accepted: none, user,
                                                                            user&realm)
  NMAP_VERBOSE      true                                          no        Display nmap output
  PASSWORD                                                        no        A specific password to authenticate with
  PASS_FILE                                                       no        File containing passwords, one per line
  RHOSTS            172.16.*.*                                  yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics
                                                                            /using-metasploit.html
  RPORTS            *                                          no        Ports to target
  SID               XE                                            yes       The instance (SID) to authenticate against
  STOP_ON_SUCCESS   false                                         yes       Stop guessing when a credential works for a host
  THREADS           1                                             yes       The number of concurrent threads (max one per host)
  USERNAME          admin                                        no        A specific username to authenticate as
  USERPASS_FILE      no        File containing (space-separated) users and passwords, one pair per line
  USER_AS_PASS      false                                         no        Try the username as the password for all users
  USER_FILE                                                       no        File containing usernames, one per line
  VERBOSE           true                                         yes       Whether to print output for all attempts

Description:
  This module attempts to authenticate against an Oracle RDBMS
  instance using username and password combinations indicated
  by the USER_FILE, PASS_FILE, and USERPASS_FILE options.

  Due to a bug in nmap versions 6.50-7.80 may not work.

References:
  https://www.oracle.com/database/
  https://nvd.nist.gov/vuln/detail/CVE-1999-0502
  https://nmap.org/nsedoc/scripts/oracle-brute.html

View the full module info with the info -d command.

msf6 auxiliary(scanner/oracle/oracle_login) > run

[-] Auxiliary failed: RuntimeError Cannot locate nmap binary
[-] Call stack:
[-]   D:/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/nmap.rb:55:in `get_nmap_ver'
[-]   D:/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/nmap.rb:74:in `nmap_version_at_least?'
[-]   D:/metasploit-framework/embedded/framework/modules/auxiliary/scanner/oracle/oracle_login.rb:50:in `run'
[*] Auxiliary module execution completed
bcoles commented 6 months ago

Ensue nmap is in your system PATH.

adfoster-r7 commented 6 months ago

Will mark this as closed, as it's look like an end user environment issue which can be resolved by installing nmap and making it available as part of the path environment variable