rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/admin/oracle/tnscmd.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
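# Auxiliary module that sends one operator-supplied TNS command string to an
# Oracle TNS listener and prints a masked, printable rendering of the reply.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::TNS

  # Registers the module metadata and its two options.
  #
  # RPORT defaults to 1521 and CMD to a VERSION request. The Notes block
  # declares IOC_IN_LOGS as a side effect, i.e. the request is expected to
  # leave traces in logs on the target side.
  #
  # @param info [Hash] metadata overrides, merged through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Oracle TNS Listener Command Issuer',
        'Description' => %q{
          This module allows for the sending of arbitrary TNS commands in order
          to gather information.
          Inspired from tnscmd.pl from www.jammed.com/~jwa/hacks/security/tnscmd/tnscmd
        },
        'Author' => ['MC'],
        'License' => MSF_LICENSE,
        'DisclosureDate' => '2009-02-01',
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [IOC_IN_LOGS],
          'Reliability' => []
        }
      )
    )

    register_options(
      [
        Opt::RPORT(1521),
        OptString.new('CMD', [ false, 'Something like ping, version, status, etc..', '(CONNECT_DATA=(COMMAND=VERSION))']),
      ]
    )
  end

  # Connects, sends the CMD datastore value wrapped by tns_packet, reads a
  # single reply and prints it after masking non-printable bytes.
  #
  # Connection and timeout errors are reported with print_error instead of
  # being raised. The socket is released in `ensure`, so it is also closed
  # when an error interrupts the exchange.
  #
  # @return [void]
  def run
    connect

    command = datastore['CMD']
    # tns_packet is not defined in this file; presumably supplied by the
    # included TNS mixin.
    pkt = tns_packet(command)

    print_status("Sending '#{command}' to #{rhost}:#{rport}")
    sock.put(pkt)
    print_status("writing #{pkt.length} bytes.")

    # Short pause before reading; presumably gives the listener time to answer.
    select(nil, nil, nil, 0.5)

    print_status('reading')
    # A nil read is treated as an empty reply.
    res = sock.get_once(-1, 5) || ''
    print_status(printable_ascii(res))
  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout,
         ::Timeout::Error, ::Errno::EPIPE, Errno::ECONNRESET => e
    print_error(e.message)
  ensure
    disconnect
  end

  private

  # Renders a raw reply as printable 7-bit ASCII.
  #
  # The reply is data controlled by the remote service and is written to the
  # operator's console, so every byte is reduced to 7 bits and anything
  # outside 0x20-0x7e becomes '.'. This masks the whole control range
  # (0x00-0x1f, including ESC) and DEL, so the remote end cannot place
  # terminal escape sequences in console output or saved logs. Working on
  # bytes also avoids encoding errors when the reply contains high-bit bytes.
  # Square brackets are ordinary printable characters and are kept.
  #
  # @param data [String, nil] raw bytes read from the socket
  # @return [String] masked text of the same byte length
  def printable_ascii(data)
    data.to_s.each_byte.map do |byte|
      low = byte & 0x7f
      low.between?(0x20, 0x7e) ? low.chr : '.'
    end.join
  end
end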