Example #1
0
    def tryUsernameLikePassword(self):
        '''
		Try to connect to the DB with each Oracle username using the username like the password
		if lowerAndUpper == True, the username in upper case and lower case format will be tested
		Otherwise identical to username only
		'''
        accounts = []
        self.__loadAllUsernames__()
        passwordGuesser = PasswordGuesser(self.args,
                                          "",
                                          timeSleep=self.args['timeSleep'])
        for usern in self.allUsernames:
            if self.lowerAndUpper == True:
                logging.debug(
                    "Password identical (upper case and lower case) to username will be tested for '{0}'"
                    .format(usern))
                accounts.append([usern, usern.upper()])
                accounts.append([usern, usern.lower()])
            else:
                logging.debug(
                    "Password identical to username will be tested ONLY for '{0}' (option enabled)"
                    .format(usern))
                accounts.append([usern, usern])
        passwordGuesser.accounts = accounts
        passwordGuesser.searchValideAccounts()
        self.validAccountsList = passwordGuesser.valideAccounts
Example #2
0
	def tryUsernameLikePassword(self):
		'''
		Try to connect to the DB with each Oracle username using the username like the password
		'''
		accounts = []
		self.__loadAllUsernames__()
		passwordGuesser = PasswordGuesser(self.args,"",timeSleep=self.args['timeSleep'])
		for usern in self.allUsernames: accounts.append([usern,usern])
		passwordGuesser.accounts = accounts
		passwordGuesser.searchValideAccounts()
		self.validAccountsList = passwordGuesser.valideAccounts	
Example #3
0
    def tryUsernameLikePassword(self):
        '''
		Try to connect to the DB with each Oracle username using the username like the password
		'''
        accounts = []
        self.__loadAllUsernames__()
        passwordGuesser = PasswordGuesser(self.args,
                                          "",
                                          timeSleep=self.args['timeSleep'])
        for usern in self.allUsernames:
            accounts.append([usern, usern])
        passwordGuesser.accounts = accounts
        passwordGuesser.searchValideAccounts()
        self.validAccountsList = passwordGuesser.valideAccounts
Example #4
0
	def tryUsernameLikePassword(self):
		'''
		Try to connect to the DB with each Oracle username using the username like the password
		if lowerAndUpper == True, the username in upper case and lower case format will be tested
		Otherwise identical to username only
		'''
		accounts = []
		self.__loadAllUsernames__()
		passwordGuesser = PasswordGuesser(self.args,accountsFile="",loginFile=None,passwordFile=None,loginAsPwd=False,timeSleep=self.args['timeSleep'])
		for usern in self.allUsernames:
			if self.lowerAndUpper == True:
				logging.debug("Password identical (upper case and lower case) to username will be tested for '{0}'".format(usern))
				accounts.append([usern,usern.upper()])
				accounts.append([usern,usern.lower()])
			else:
				logging.debug("Password identical to username will be tested ONLY for '{0}' (option enabled)".format(usern))
				accounts.append([usern,usern])
		passwordGuesser.accounts = accounts
		passwordGuesser.searchValideAccounts()
		self.validAccountsList = passwordGuesser.valideAccounts	
Example #5
0
def runAllModules(args):
	'''
	Run all modules
	'''
	connectionInformation, validSIDsList = {}, []
	#A)SID MANAGEMENT
	if args['sid'] == None :
		validSIDsList = runSIDGuesserModule(args)
		args['user'], args['password'] = None, None 
	else :
		validSIDsList = [args['sid']]
	#B)ACCOUNT MANAGEMENT
	if args['user'] == None and args['password'] == None:
		for sid in validSIDsList:
			args['print'].title("Searching valid accounts on the {0} SID".format(sid))
			args['sid'] = sid
			passwordGuesser = PasswordGuesser(args,args['accounts-file'])
			passwordGuesser.searchValideAccounts()
			validAccountsList = passwordGuesser.valideAccounts
			if validAccountsList == {}:
				args['print'].badNews("No found a valid account on {0}:{1}/{2}".format(args['server'], args['port'], args['sid']))
				exit(EXIT_NO_ACCOUNTS)
			else :
				args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'],validAccountsList))
				for aLogin, aPassword in validAccountsList.items(): 
					if connectionInformation.has_key(sid) == False: connectionInformation[sid] = [[aLogin,aPassword]]
					else : connectionInformation[sid].append([aLogin,aPassword])
	else :
		validAccountsList = {args['user']:args['password']}
		for aSid in validSIDsList:
			for aLogin, aPassword in validAccountsList.items():
				if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[aLogin,aPassword]]
				else : connectionInformation[aSid].append([aLogin,aPassword])
	#C)ALL OTHERS MODULES
	if sidHasBeenGiven(args) == False : return EXIT_MISS_ARGUMENT
	elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
	for aSid in connectionInformation.keys():
		for loginAndPass in connectionInformation[aSid]:
			args['sid'] , args['user'], args['password'] = aSid, loginAndPass[0],loginAndPass[1]
			args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'],args['user'],args['password']))
			#INFO ABOUT REMOTE SERVER
			info = Info(args)
			status = info.connection()
			if isinstance(status,Exception):
				args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n','')))
				break
			info.loadInformationRemoteDatabase()
			args['info'] = info
			#UTL_HTTP
			utlHttp = UtlHttp(args)
			status = utlHttp.connection()
			utlHttp.testAll()
			#HTTPURITYPE
			httpUriType = HttpUriType(args)
			httpUriType.testAll()
			#UTL_FILE
			utlFile = UtlFile(args)
			utlFile.testAll()
			#JAVA
			java = Java(args)
			java.testAll()
			#DBMS ADVISOR
			dbmsAdvisor = DbmsAdvisor(args)
			dbmsAdvisor.testAll()
			#DBMS Scheduler
			dbmsScheduler = DbmsScheduler(args)
			dbmsScheduler.testAll()
			#CTXSYS
			ctxsys = Ctxsys(args)
			ctxsys.testAll()
			#Passwords
			passwords = Passwords(args)
			passwords.testAll()
			#DbmsXmldom
			dbmsXslprocessor = DbmsXslprocessor(args)
			dbmsXslprocessor.testAll()
			#External Table
			externalTable = ExternalTable(args)
			externalTable.testAll()
			#Oradbg
			oradbg = Oradbg(args)
			oradbg.testAll()
			oradbg.close() #Close the socket to the remote database
			#CVE_2012_3137
			cve = CVE_2012_3137 (args)
			cve.testAll()
	#usernamelikepassword
	args['run'] = True
	runUsernameLikePassword(args)
Example #6
0
def runAllModules(args):
	'''
	Run all modules
	'''
	connectionInformation, validSIDsList = {}, []
	#0)TNS Poinsoning
	if args['no-tns-poisoning-check'] == False:
		tnspoison = Tnspoison(args)
		tnspoison.testAll()
	else:
		logging.info("Don't check if the target is vulnerable to TNS poisoning because the option --no-tns-poisoning-check is enabled in command line")
	#A)SID MANAGEMENT
	if args['sid'] == None :
		logging.debug("Searching valid SIDs")
		validSIDsList = runSIDGuesserModule(args)
		args['user'], args['password'] = None, None 
	else :
		validSIDsList = [args['sid']]
	if validSIDsList == []:
		exit(EXIT_NO_SIDS)
	#B)ACCOUNT MANAGEMENT
	if args['credentialsFile'] == True :
		logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file']))
		#Load accounts from file
		passwordGuesser = PasswordGuesser(args, args['accounts-file'], loginFile=None ,passwordFile=None, loginAsPwd=args['login-as-pwd'])
		validAccountsList = passwordGuesser.getAccountsFromFile()
		for aSid in validSIDsList:
			for anAccount in validAccountsList:
				if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[anAccount[0], anAccount[1]]]
				else : connectionInformation[aSid].append([anAccount[0], anAccount[1]])
	elif args['user'] == None and args['password'] == None:
		for sid in validSIDsList:
			args['print'].title("Searching valid accounts on the {0} SID".format(sid))
			args['sid'] = sid
			if args['accounts-files'][0] != None and args['accounts-files'][1] != None : args['accounts-file'] = None
			passwordGuesser = PasswordGuesser(args, accountsFile=args['accounts-file'], loginFile=args['accounts-files'][0], passwordFile=args['accounts-files'][1], timeSleep=args['timeSleep'], loginAsPwd=args['login-as-pwd'])
			passwordGuesser.searchValideAccounts()
			validAccountsList = passwordGuesser.valideAccounts
			if validAccountsList == {}:
				args['print'].badNews("No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(args['server'], args['port'], args['sid']))
				exit(EXIT_NO_ACCOUNTS)
			else :
				args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'],getCredentialsFormated(validAccountsList)))
				for aLogin, aPassword in validAccountsList.items(): 
					if connectionInformation.has_key(sid) == False: connectionInformation[sid] = [[aLogin,aPassword]]
					else : connectionInformation[sid].append([aLogin,aPassword])
	else:
		validAccountsList = {args['user']:args['password']}
		for aSid in validSIDsList:
			for aLogin, aPassword in validAccountsList.items():
				if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[aLogin,aPassword]]
				else : connectionInformation[aSid].append([aLogin,aPassword])
	#C)ALL OTHERS MODULES
	if sidHasBeenGiven(args) == False : return EXIT_MISS_ARGUMENT
	#elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
	for aSid in connectionInformation.keys():
		for loginAndPass in connectionInformation[aSid]:
			args['sid'] , args['user'], args['password'] = aSid, loginAndPass[0],loginAndPass[1]
			args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'],args['user'],args['password']))
			#INFO ABOUT REMOTE SERVER
			status = OracleDatabase(args).connection()
			if isinstance(status,Exception):
				args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n','')))
				break
			#UTL_HTTP
			utlHttp = UtlHttp(args)
			status = utlHttp.connection()
			utlHttp.testAll()
			#HTTPURITYPE
			httpUriType = HttpUriType(args)
			httpUriType.testAll()
			#UTL_FILE
			utlFile = UtlFile(args)
			utlFile.testAll()
			#JAVA
			java = Java(args)
			java.testAll()
			#DBMS ADVISOR
			dbmsAdvisor = DbmsAdvisor(args)
			dbmsAdvisor.testAll()
			#DBMS Scheduler
			dbmsScheduler = DbmsScheduler(args)
			dbmsScheduler.testAll()
			#CTXSYS
			ctxsys = Ctxsys(args)
			ctxsys.testAll()
			#Passwords
			passwords = Passwords(args)
			passwords.testAll()
			#DbmsXmldom
			dbmsXslprocessor = DbmsXslprocessor(args)
			dbmsXslprocessor.testAll()
			#External Table
			externalTable = ExternalTable(args)
			externalTable.testAll()
			#Oradbg
			oradbg = Oradbg(args)
			oradbg.testAll()
			#DbmsLob
			dbmsLob = DbmsLob(args)
			dbmsLob.testAll()
			#SMB
			smb = SMB(args)
			smb.testAll()
			#Pribvilege escalation
			privilegeEscalation = PrivilegeEscalation(args)
			privilegeEscalation.testAll()
			#Test some CVE
			cve = CVE_XXXX_YYYY(args)
			cve.testAll()
			cve.close() #Close the socket to the remote database
			#CVE_2012_3137
			cve = CVE_2012_3137 (args)
			cve.testAll()
			
	#usernamelikepassword
	args['run'] = True
	runUsernameLikePassword(args)
Example #7
0
def runAllModules(args):
	'''
	Run all modules
	'''
	connectionInformation, validDatabaseList = {}, []
	status = ipOrNameServerHasBeenGiven(args)
	if status == False: return EXIT_MISS_ARGUMENT
	#A)REMOTE VERSION
	###########mssqlInfo = MssqlInfo(args)
	###########mssqlInfo.testAll()
	if databaseHasBeenGiven(args):
		validDatabaseList = [args['database']]
	#B)ACCOUNT MANAGEMENT
	if args['user'] == None and args['password'] == None:
		for database in validDatabaseList:
			args['print'].title("Searching valid accounts on the {0} database".format(database))
			args['database'] = database
			passwordGuesser = PasswordGuesser(args, usernamesFile=args['usernames-file'], passwordsFile=args['passwords-file'], accountsFile=args['accounts-file'])
			status = passwordGuesser.searchValideAccounts()
			if status == False: #Connection error during scan (perhaps host is unavailable now)
				logging.error("Host is probably unavailable. Stopping for this host!")
				return
			validAccountsList = passwordGuesser.valideAccounts
			if validAccountsList == {}:
				args['print'].badNews("No found a valid account on {0}:{1}/{2}.".format(args['host'], args['port'], args['database']))
				return
			else :
				args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}. All modules will be started with this (these) account(s)".format(args['host'], args['port'], args['database'],validAccountsList))
				for aLogin, aPassword in validAccountsList.items(): 
					if connectionInformation.has_key(database) == False: connectionInformation[database] = [[aLogin,aPassword]]
					else : connectionInformation[database].append([aLogin,aPassword])
	else :
		validAccountsList = {args['user']:args['password']}
		for database in validDatabaseList:
			for aLogin, aPassword in validAccountsList.items():
				if connectionInformation.has_key(database) == False: connectionInformation[database] = [[aLogin,aPassword]]
				else : connectionInformation[database].append([aLogin,aPassword])
	#C)ALL OTHERS MODULES
	for aDatabase in connectionInformation.keys():
		for loginAndPass in connectionInformation[aDatabase]:
			args['database'] , args['user'], args['password'] = aDatabase, loginAndPass[0],loginAndPass[1]
			args['print'].title("Testing the '{0}' database with the account {1}/{2}".format(database,args['user'], args['password']))
			#C.0)Trustworthy module (Privilege escalation)
			trustworthyPE = TrustworthyPE(args)
			status = trustworthyPE.connect()
			if isinstance(status,Exception):
				args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n','')))
				break
			trustworthyPE.testAll()
			#C.1)Passwordstealer
			passwordstealer = Passwordstealer(args)
			passwordstealer.testAll()
			#C.2)xpcmdshell
			xpcmdshell = Xpcmdshell(args)
			xpcmdshell.testAll()
			#C.3)Jobs
			jobs = Jobs(args)
			jobs.testAll()
			#C.4) SMBAUthenticationCapture
			smbAuthenticationCapture = SMBAuthenticationCapture(args,localIp="127.0.0.1", shareName=DEFAULT_SHARE_NAME)
			smbAuthenticationCapture.testAll()
			#C.5) OLEAutomation
			oleAutomation = OleAutomation(args)
			oleAutomation.testAll()
			#C.6) BulkOpen
			bulkOpen = BulkOpen(args)
			bulkOpen.testAll()
			#C.7) XpDirectory
			PPxpdirectory = XpDirectory(args)
			PPxpdirectory.testAll()
			bulkOpen.closeConnection()
	
	#usernamelikepassword
	args['run'] = True
	runUsernameLikePassword(args)
Example #8
0
def runAllModules(args):
	'''
	Run all modules
	'''
	connectionInformation, validSIDsList = {}, []
	#0)TNS Poinsoning
	if args['no-tns-poisoning-check'] == False:
		tnspoison = Tnspoison(args)
		tnspoison.testAll()
	else:
		logging.info("Don't check if the target is vulnerable to TNS poisoning because the option --no-tns-poisoning-check is enabled in command line")
	#A)SID MANAGEMENT
	if args['sid'] == None :
		logging.debug("Searching valid SIDs")
		validSIDsList = runSIDGuesserModule(args)
		args['user'], args['password'] = None, None 
	else :
		validSIDsList = [args['sid']]
	if validSIDsList == []:
		exit(EXIT_NO_SIDS)
	#B)ACCOUNT MANAGEMENT
	if args['credentialsFile'] == True :
		logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file']))
		#Load accounts from file
		passwordGuesser = PasswordGuesser(args, args['accounts-file'], loginFile=None ,passwordFile=None, loginAsPwd=args['login-as-pwd'])
		validAccountsList = passwordGuesser.getAccountsFromFile()
		for aSid in validSIDsList:
			for anAccount in validAccountsList:
				if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[anAccount[0], anAccount[1]]]
				else : connectionInformation[aSid].append([anAccount[0], anAccount[1]])
	elif args['user'] == None and args['password'] == None:
		for sid in validSIDsList:
			args['print'].title("Searching valid accounts on the {0} SID".format(sid))
			args['sid'] = sid
			if args['accounts-files'][0] != None and args['accounts-files'][1] != None : args['accounts-file'] = None
			passwordGuesser = PasswordGuesser(args, accountsFile=args['accounts-file'], loginFile=args['accounts-files'][0], passwordFile=args['accounts-files'][1], timeSleep=args['timeSleep'], loginAsPwd=args['login-as-pwd'])
			passwordGuesser.searchValideAccounts()
			validAccountsList = passwordGuesser.valideAccounts
			if validAccountsList == {}:
				args['print'].badNews("No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(args['server'], args['port'], args['sid']))
				exit(EXIT_NO_ACCOUNTS)
			else :
				args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'],getCredentialsFormated(validAccountsList)))
				for aLogin, aPassword in validAccountsList.items(): 
					if connectionInformation.has_key(sid) == False: connectionInformation[sid] = [[aLogin,aPassword]]
					else : connectionInformation[sid].append([aLogin,aPassword])
	else:
		validAccountsList = {args['user']:args['password']}
		for aSid in validSIDsList:
			for aLogin, aPassword in validAccountsList.items():
				if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[aLogin,aPassword]]
				else : connectionInformation[aSid].append([aLogin,aPassword])
	#C)ALL OTHERS MODULES
	if sidHasBeenGiven(args) == False : return EXIT_MISS_ARGUMENT
	#elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
	for aSid in connectionInformation.keys():
		for loginAndPass in connectionInformation[aSid]:
			args['sid'] , args['user'], args['password'] = aSid, loginAndPass[0],loginAndPass[1]
			args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'],args['user'],args['password']))
			#INFO ABOUT REMOTE SERVER
			info = Info(args)
			status = info.connection()
			if isinstance(status,Exception):
				args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n','')))
				break
			info.loadInformationRemoteDatabase()
			args['info'] = info
			#UTL_HTTP
			utlHttp = UtlHttp(args)
			status = utlHttp.connection()
			utlHttp.testAll()
			#HTTPURITYPE
			httpUriType = HttpUriType(args)
			httpUriType.testAll()
			#UTL_FILE
			utlFile = UtlFile(args)
			utlFile.testAll()
			#JAVA
			java = Java(args)
			java.testAll()
			#DBMS ADVISOR
			dbmsAdvisor = DbmsAdvisor(args)
			dbmsAdvisor.testAll()
			#DBMS Scheduler
			dbmsScheduler = DbmsScheduler(args)
			dbmsScheduler.testAll()
			#CTXSYS
			ctxsys = Ctxsys(args)
			ctxsys.testAll()
			#Passwords
			passwords = Passwords(args)
			passwords.testAll()
			#DbmsXmldom
			dbmsXslprocessor = DbmsXslprocessor(args)
			dbmsXslprocessor.testAll()
			#External Table
			externalTable = ExternalTable(args)
			externalTable.testAll()
			#Oradbg
			oradbg = Oradbg(args)
			oradbg.testAll()
			#DbmsLob
			dbmsLob = DbmsLob(args)
			dbmsLob.testAll()
			#SMB
			smb = SMB(args)
			smb.testAll()
			#Pribvilege escalation
			privilegeEscalation = PrivilegeEscalation(args)
			privilegeEscalation.testAll()
			#Test some CVE
			cve = CVE_XXXX_YYYY(args)
			cve.testAll()
			cve.close() #Close the socket to the remote database
			#CVE_2012_3137
			cve = CVE_2012_3137 (args)
			cve.testAll()
			
	#usernamelikepassword
	args['run'] = True
	runUsernameLikePassword(args)