Path: blob/master/modules/auxiliary/scanner/oracle/sid_enum.rb
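##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary scanner that sends a TNS STATUS command to an Oracle listener and
# records any INSTANCE_NAME (SID) and SERVICE_NAME values found in the reply.
#
# A reply containing ERROR_STACK is treated as the listener refusing the
# command; per the module description this is the expected result on
# Oracle 9.2.0.8 and above, where the listener is protected.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::TNS
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Registers the module metadata and the default listener port (1521).
  #
  # @param info [Hash] metadata merged into the module info by update_info
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Oracle TNS Listener SID Enumeration',
      'Description'    => %q{
        This module simply queries the TNS listener for the Oracle SID.
        With Oracle 9.2.0.8 and above the listener will be protected and
        the SID will have to be bruteforced or guessed.
      },
      'Author'         => [ 'CG', 'MC' ],
      'License'        => MSF_LICENSE,
      'DisclosureDate' => '2009-01-07'
    ))

    register_options(
      [
        Opt::RPORT(1521)
      ])
  end

  # Queries one host's listener and reports what the STATUS reply discloses.
  #
  # Connection failures are expected while scanning a range, so they are only
  # logged in verbose mode and never abort the scan. The socket is released in
  # an ensure clause so that a failure after connect cannot leak it.
  #
  # @param ip [String] address of the host currently being scanned
  # @return [void]
  def run_host(ip)
    connect

    sock.put(tns_packet("(CONNECT_DATA=(COMMAND=STATUS))"))

    # Short pause so the listener has time to answer before the single read.
    select(nil, nil, nil, 0.5)

    data = sock.get_once

    if data.nil?
      print_error("#{ip} Connection but no data")
    elsif data =~ /ERROR_STACK/
      # The listener answered with an error stack instead of status output.
      print_error("TNS listener protected for #{ip}...")
    else
      # String#scan with a capture group returns one-element arrays; flatten
      # so the plain name is reported instead of its Array#inspect form
      # (e.g. SID=ORCL rather than SID=["ORCL"]).
      data.scan(/INSTANCE_NAME=([^\)]+)/).flatten.uniq.each do |sid|
        report_note(
          host: ip,
          port: rport,
          type: "oracle_sid",
          data: "PORT=#{rport}, SID=#{sid}",
          update: :unique_data
        )
        print_good("Identified SID for #{ip}:#{rport} #{sid}")
      end

      data.scan(/SERVICE_NAME=([^\)]+)/).flatten.uniq.each do |service|
        report_note(
          host: ip,
          port: rport,
          type: "oracle_service_name",
          data: "PORT=#{rport}, SERVICE_NAME=#{service}",
          update: :unique_data
        )
        print_status("Identified SERVICE_NAME for #{ip}:#{rport} #{service}")
      end
    end
  rescue ::Rex::ConnectionError, ::Errno::EPIPE => e
    # Unreachable or reset peers are routine during a scan; keep them quiet
    # unless the operator asked for verbose output.
    vprint_error("#{ip}:#{rport} - #{e.class}: #{e.message}")
  ensure
    disconnect
  end
end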