Path: blob/master/modules/auxiliary/admin/oracle/tnscmd.rb
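##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary module that sends one operator-supplied TNS command string to an
# Oracle TNS listener and prints whatever the listener sends back.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::TNS

  # Registers the module metadata and its options.
  #
  # RPORT defaults to 1521. CMD is optional and defaults to a VERSION
  # command.
  #
  # @param info [Hash] metadata overrides merged in through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Oracle TNS Listener Command Issuer',
        'Description' => %q{
          This module allows for the sending of arbitrary TNS commands in order
          to gather information.
          Inspired from tnscmd.pl from www.jammed.com/~jwa/hacks/security/tnscmd/tnscmd
        },
        'Author' => ['MC'],
        'License' => MSF_LICENSE,
        'DisclosureDate' => '2009-02-01',
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [IOC_IN_LOGS],
          'Reliability' => []
        }
      )
    )

    register_options(
      [
        Opt::RPORT(1521),
        OptString.new('CMD', [ false, 'Something like ping, version, status, etc..', '(CONNECT_DATA=(COMMAND=VERSION))']),
      ]
    )
  end

  # Connects, sends the CMD datastore value wrapped by tns_packet, waits
  # briefly, reads one reply and prints it in sanitised form.
  #
  # Connection-level failures are reported with print_error rather than
  # raised.
  #
  # @return [void]
  def run
    connect

    command = datastore['CMD']
    pkt = tns_packet(command)

    print_status("Sending '#{command}' to #{rhost}:#{rport}")
    sock.put(pkt)
    print_status("writing #{pkt.length} bytes.")

    # Half-second pause before reading, giving the listener time to answer.
    select(nil, nil, nil, 0.5)

    print_status('reading')
    res = sock.get_once(-1, 5) || ''
    print_status(printable_ascii(res))
  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout,
         ::Timeout::Error, ::Errno::EPIPE, ::Errno::ECONNRESET => e
    print_error(e.message)
  ensure
    # Close the socket on the error paths as well, not only after a clean run.
    disconnect
  end

  private

  # Reduces a raw listener reply to printable 7-bit ASCII for console output.
  #
  # The bytes come from the remote listener and end up on the operator's
  # console, so each byte is masked to 7 bits and every control character
  # (0x00-0x1f, which includes ESC) plus DEL is shown as '.'. The String#tr
  # chain this replaces stopped its control range at octal 027, leaving
  # 0x18-0x1f untouched, and listed '[' and ']' as literal characters, so
  # square brackets in a reply were turned into dots too. Working on bytes
  # also avoids building tr patterns out of high-byte string literals.
  #
  # @param raw [String] bytes as read from the socket
  # @return [String] the same number of characters, all printable ASCII
  def printable_ascii(raw)
    raw.each_byte.map { |byte|
      low = byte & 0x7f
      (low < 0x20 || low == 0x7f) ? '.' : low.chr
    }.join
  end
end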