Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::ORACLE
8

9
  def initialize(info = {})
10
    super(update_info(info,
11
      'Name'           => 'Oracle SQL Generic Query',
12
      'Description'    => %q{
13
          This module allows for simple SQL statements to be executed
14
          against an Oracle instance given the appropriate credentials
15
          and sid.
16
      },
17
      'Author'         => [ 'MC' ],
18
      'License'        => MSF_LICENSE,
19
      'References'     =>
20
        [
21
          [ 'URL', 'https://www.metasploit.com/users/mc' ],
22
        ],
23
      'DisclosureDate' => '2007-12-07'))
24

25
      register_options(
26
        [
27
          OptString.new('SQL', [ false, 'The SQL to execute.',  'select * from v$version']),
28
        ])
29
  end
30

31
  def run
32
    return if not check_dependencies
33

34
    query = datastore['SQL']
35

36
    begin
37
      print_status("Sending statement: '#{query}'...")
38
      result = prepare_exec(query)
39
      # Need this if statement because some statements won't return anything
40
      if result
41
        result.each do |line|
42
          print_status(line)
43
        end
44
      end
45
    rescue => e
46
      return
47
    end
48
  end
49
end
50

51