GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/admin/oracle/sid_brute.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'English'
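# Auxiliary module that walks a wordlist of candidate Oracle SIDs and sends one
# TNS connect request per candidate to the listener on RHOST:RPORT. A reply that
# does not contain the text ERROR_STACK is treated as a hit and stored as an
# 'oracle_sid' note.
#
# On the wire this is one TCP connection per wordlist entry, each carrying a
# connect descriptor that differs only in its SID value and always uses
# HOST=MSF in the CID section.
# NOTE(review): 'SideEffects' is declared empty below; if the target listener
# logs connect attempts, IOC_IN_LOGS may be the accurate value. Confirm.
class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::TNS

  # Registers module metadata and the RPORT / SLEEP / SIDFILE options.
  #
  # @param info [Hash] metadata overrides merged through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Oracle TNS Listener SID Brute Forcer',
        'Description' => %q{
          This module simply attempts to discover the protected SID.
        },
        'Author' => [ 'MC' ],
        'License' => MSF_LICENSE,
        'References' => [
          [ 'URL', 'http://web.archive.org/web/20110322124810/http://www.metasploit.com:80/users/mc/' ],
          [ 'URL', 'http://www.red-database-security.com/scripts/sid.txt' ],
        ],
        'DisclosureDate' => '2009-01-07',
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )

    register_options(
      [
        Opt::RPORT(1521),
        OptString.new('SLEEP', [ false, 'Sleep() amount between each request.', '1' ]),
        OptString.new('SIDFILE', [ false, 'The file that contains a list of sids.', File.join(Msf::Config.install_root, 'data', 'wordlists', 'sid.txt') ]),
      ]
    )
  end

  # Iterates over SIDFILE, probing the listener once per line.
  #
  # The wordlist is opened in block form so the handle is closed on every exit
  # path. The earlier `fd = File.open(...).each { ... }` form left `fd` nil
  # whenever the loop ended through `break` or an exception, so the `ensure`
  # clause never closed the file.
  #
  # @return [void]
  def run
    # SLEEP is an OptString; nil.to_i is 0, so an unset option means no delay.
    delay = datastore['SLEEP'].to_i
    list = datastore['SIDFILE']

    print_status("Starting brute force on #{rhost}, using sids from #{list}...")

    ::File.open(list, 'rb') do |fd|
      fd.each do |sid|
        # NOTE(review): `sid` still carries its line terminator here; only the
        # reported value below is stripped.
        login = "(DESCRIPTION=(CONNECT_DATA=(SID=#{sid})(CID=(PROGRAM=)(HOST=MSF)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=#{rhost})(PORT=#{rport})))"
        pkt = tns_packet(login)

        begin
          connect
        rescue ::Interrupt
          raise $ERROR_INFO
        rescue StandardError => e
          # A failed connect ends the whole run rather than skipping one entry.
          print_error(e.to_s)
          disconnect
          break
        end

        begin
          sock.put(pkt)
          # select with no descriptors is used purely as a timed wait.
          select(nil, nil, nil, delay)
          res = sock.get_once
        ensure
          # Release the socket even when put/get_once raises.
          disconnect
        end

        # No reply, or a reply containing ERROR_STACK, is not a hit.
        # NOTE(review): any other reply counts as a hit, including an empty
        # one, so a non-Oracle service on RPORT could be recorded here.
        next unless res
        next if res.to_s.include?('ERROR_STACK')

        report_note(
          host: rhost,
          port: rport,
          type: 'oracle_sid',
          data: {
            port: rport,
            sid: sid.strip
          },
          update: :unique_data
        )
        print_good("#{rhost}:#{rport} Found SID '#{sid.strip}'")
      end
    end

    print_status('Done with brute force...')
  end
end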