The teradata_odbc_sql module is used to run SQL queries for Teradata databases.
Vulnerable Application
Teradata Database
Teradata Express
Teradata databases can be identified by scanning for TCP port 1025. An Nmap version scan can confirm if the service is recognized as Teradata.
The teradata_odbc_login module can be used to brute-force credentials.
This module requires the Teradata ODBC driver and the Teradata python library.
ODBC Driver for Kali Linux 2017.3
Download the Teradata ODBC driver for Ubuntu from downloads.teradata.com.
Refer to the Ubuntu package README for up-to-date instructions.
Install lib32stdc++6 if necessary.
Install the ODBC drivers: dpkg -i [package].deb
Copy /opt/teradata/client/ODBC_64/odbc.ini to /root/.odbc.ini .
Configuration for OS X
On OS X the Python client needs to be pointed to the ODBC driver manually. Create ~/udaexec.ini with the following contents:
odbcLibPath=/usr/lib/libiodbc.dylib
Python Package
Verification Steps
Deploy a Teradata Express test environment.
Install the OBCD driver and python package.
Start msfconsole.
Do: use auxiliary/admin/teradata/teradata_odbc_sql
Do: set RHOSTS [IPs]
Do: set USERNAME [username to try]
Do: set PASSWORD [password to try]
Set a SQL query for the 'SQL' option.
Do: run
msf > use auxiliary/admin/teradata/teradata_odbc_sql
msf auxiliary(admin/teradata/teradata_odbc_sql) > show options
Module options (auxiliary/admin/teradata/teradata_odbc_sql):
Name Current Setting Required Description
---- --------------- -------- -----------
PASSWORD dbc yes Password
RHOSTS yes The target address range or CIDR identifier
SQL SELECT DATABASENAME FROM DBC.DATABASES yes SQL query to perform
THREADS 1 yes The number of concurrent threads
USERNAME dbc yes Username
msf auxiliary(admin/teradata/teradata_odbc_sql) > set RHOSTS 192.168.0.2
RHOSTS => 192.168.0.2
msf auxiliary(admin/teradata/teradata_odbc_sql) > run
[*] Running for 192.168.0.2...
[*] 192.168.0.2 - dbc:dbc - Starting
[*] 192.168.0.2 - Creating connection: %s
[*] 192.168.0.2 - Loading ODBC Library: %s
[*] 192.168.0.2 - Available drivers: Teradata Database ODBC Driver 16.20,
[*] 192.168.0.2 - Connection successful. Duration: %.3f seconds. Details: %s
[+] 192.168.0.2 - dbc:dbc - Login Successful
[*] 192.168.0.2 - Starting - SELECT DATABASENAME FROM DBC.DATABASES
[*] 192.168.0.2 - Query Successful. Duration: %.3f seconds,%sQuery: %s%s
[+] 192.168.0.2 - Row 1: [DatabaseUser ]
[+] 192.168.0.2 - Row 2: [All ]
[+] 192.168.0.2 - Row 3: [SYSJDBC ]
[+] 192.168.0.2 - Row 4: [TDStats ]
[+] 192.168.0.2 - Row 5: [TD_SYSXML ]
[+] 192.168.0.2 - Row 6: [PUBLIC ]
[+] 192.168.0.2 - Row 7: [DBC ]
[+] 192.168.0.2 - Row 8: [SYSBAR ]
[+] 192.168.0.2 - Row 9: [TD_SYSGPL ]
[+] 192.168.0.2 - Row 10: [SYSLIB ]
[+] 192.168.0.2 - Row 11: [SQLJ ]
[+] 192.168.0.2 - Row 12: [LockLogShredder ]
[+] 192.168.0.2 - Row 13: [Default ]
[+] 192.168.0.2 - Row 14: [TDPUSER ]
[+] 192.168.0.2 - Row 15: [TD_SYSFNLIB ]
[+] 192.168.0.2 - Row 16: [EXTUSER ]
[+] 192.168.0.2 - Row 17: [tdwm ]
[+] 192.168.0.2 - Row 18: [SystemFe ]
[+] 192.168.0.2 - Row 19: [External_AP ]
[+] 192.168.0.2 - Row 20: [TDQCD ]
[+] 192.168.0.2 - Row 21: [dbcmngr ]
[+] 192.168.0.2 - Row 22: [Sys_Calendar ]
[+] 192.168.0.2 - Row 23: [SysAdmin ]
[+] 192.168.0.2 - Row 24: [TD_SERVER_DB ]
[+] 192.168.0.2 - Row 25: [TDMaps ]
[+] 192.168.0.2 - Row 26: [SYSUDTLIB ]
[+] 192.168.0.2 - Row 27: [Crashdumps ]
[+] 192.168.0.2 - Row 28: [SYSSPATIAL ]
[+] 192.168.0.2 - Row 29: [MyUser ]
[+] 192.168.0.2 - Row 30: [SYSUIF ]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
