GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/oracle/sid_enum.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
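class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::TNS
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner

  # Seconds to wait between sending the STATUS request and the single read
  # of the reply; the listener answers asynchronously.
  RESPONSE_WAIT = 0.5

  # Module metadata plus the one option this scanner registers (RPORT).
  #
  # @param info [Hash] module info merged by update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Oracle TNS Listener SID Enumeration',
        'Description' => %q{
          This module simply queries the TNS listener for the Oracle SID.
          With Oracle 9.2.0.8 and above the listener will be protected and
          the SID will have to be bruteforced or guessed.
        },
        'Author' => [ 'CG', 'MC' ],
        'License' => MSF_LICENSE,
        'DisclosureDate' => '2009-01-07',
        'Notes' => {
          'Reliability' => UNKNOWN_RELIABILITY,
          'Stability' => UNKNOWN_STABILITY,
          'SideEffects' => UNKNOWN_SIDE_EFFECTS
        }
      )
    )

    register_options(
      [
        Opt::RPORT(1521)
      ]
    )
  end

  # Send a TNS STATUS request to one host and record any SID / SERVICE_NAME
  # values the listener returns.
  #
  # Connection failures and broken pipes are routine during a scan, so they
  # are only surfaced in verbose mode instead of aborting the host. The
  # socket is released in +ensure+ so an exception raised after +connect+
  # cannot leak it (the original only disconnected on the success path).
  #
  # @param ip [String] host currently being scanned
  # @return [void]
  def run_host(ip)
    connect

    sock.put(tns_packet('(CONNECT_DATA=(COMMAND=STATUS))'))

    # Give the listener a moment to answer before the single read below.
    select(nil, nil, nil, RESPONSE_WAIT)

    data = sock.get_once

    if data.nil?
      print_error("#{ip} Connection but no data")
    elsif data.match?(/ERROR_STACK/)
      # A protected listener (9.2.0.8 and later per the description) answers
      # STATUS with an error stack instead of its service list.
      print_error("TNS listener protected for #{ip}...")
    else
      report_identifiers(ip, data)
    end
  rescue ::Rex::ConnectionError, ::Errno::EPIPE => e
    vprint_error("#{ip}: #{e.class} #{e.message}")
  ensure
    disconnect
  end

  private

  # Store and print every unique SID and SERVICE_NAME found in a STATUS reply.
  #
  # The values are taken verbatim from the remote listener, i.e. they are
  # untrusted bytes; they are stored and printed as-is, matching the
  # original behaviour.
  #
  # @param ip [String] scanned host
  # @param data [String] raw listener reply
  # @return [void]
  def report_identifiers(ip, data)
    extract_values(data, 'INSTANCE_NAME').each do |sid|
      report_note(
        host: ip,
        port: rport,
        type: 'oracle_sid',
        data: { port: rport, sid: sid },
        update: :unique_data
      )
      print_good("Identified SID for #{ip}:#{rport} #{sid}")
    end

    extract_values(data, 'SERVICE_NAME').each do |name|
      report_note(
        host: ip,
        port: rport,
        type: 'oracle_service_name',
        data: { port: rport, service_name: name },
        update: :unique_data
      )
      print_status("Identified SERVICE_NAME for #{ip}:#{rport} #{name}")
    end
  end

  # Return the unique values of every +KEY=value+ pair in a TNS reply.
  #
  # String#scan with a capture group yields one-element arrays; without the
  # +flatten+ the original stored an Array in the note's :sid/:service_name
  # field and printed it as +["ORCL"]+ rather than +ORCL+.
  #
  # @param data [String] raw listener reply
  # @param key [String] literal key name, e.g. 'INSTANCE_NAME'
  # @return [Array<String>] unique captured values, in order of first appearance
  def extract_values(data, key)
    data.scan(/#{Regexp.escape(key)}=([^)]+)/).flatten.uniq
  end
end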