def runAllModules(args): ''' Run all modules ''' connectionInformation, validSIDsList = {}, [] #0)TNS Poinsoning if args['no-tns-poisoning-check'] == False: tnspoison = Tnspoison(args) tnspoison.testAll() else: logging.info("Don't check if the target is vulnerable to TNS poisoning because the option --no-tns-poisoning-check is enabled in command line") #A)SID MANAGEMENT if args['sid'] == None : logging.debug("Searching valid SIDs") validSIDsList = runSIDGuesserModule(args) args['user'], args['password'] = None, None else : validSIDsList = [args['sid']] if validSIDsList == []: exit(EXIT_NO_SIDS) #B)ACCOUNT MANAGEMENT if args['credentialsFile'] == True : logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file'])) #Load accounts from file passwordGuesser = PasswordGuesser(args, args['accounts-file'], loginFile=None ,passwordFile=None, loginAsPwd=args['login-as-pwd']) validAccountsList = passwordGuesser.getAccountsFromFile() for aSid in validSIDsList: for anAccount in validAccountsList: if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[anAccount[0], anAccount[1]]] else : connectionInformation[aSid].append([anAccount[0], anAccount[1]]) elif args['user'] == None and args['password'] == None: for sid in validSIDsList: args['print'].title("Searching valid accounts on the {0} SID".format(sid)) args['sid'] = sid if args['accounts-files'][0] != None and args['accounts-files'][1] != None : args['accounts-file'] = None passwordGuesser = PasswordGuesser(args, accountsFile=args['accounts-file'], loginFile=args['accounts-files'][0], passwordFile=args['accounts-files'][1], timeSleep=args['timeSleep'], loginAsPwd=args['login-as-pwd']) passwordGuesser.searchValideAccounts() validAccountsList = passwordGuesser.valideAccounts if validAccountsList == {}: args['print'].badNews("No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(args['server'], args['port'], args['sid'])) exit(EXIT_NO_ACCOUNTS) else : args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'],getCredentialsFormated(validAccountsList))) for aLogin, aPassword in validAccountsList.items(): if connectionInformation.has_key(sid) == False: connectionInformation[sid] = [[aLogin,aPassword]] else : connectionInformation[sid].append([aLogin,aPassword]) else: validAccountsList = {args['user']:args['password']} for aSid in validSIDsList: for aLogin, aPassword in validAccountsList.items(): if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[aLogin,aPassword]] else : connectionInformation[aSid].append([aLogin,aPassword]) #C)ALL OTHERS MODULES if sidHasBeenGiven(args) == False : return EXIT_MISS_ARGUMENT #elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT for aSid in connectionInformation.keys(): for loginAndPass in connectionInformation[aSid]: args['sid'] , args['user'], args['password'] = aSid, loginAndPass[0],loginAndPass[1] args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'],args['user'],args['password'])) #INFO ABOUT REMOTE SERVER info = Info(args) status = info.connection() if isinstance(status,Exception): args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n',''))) break info.loadInformationRemoteDatabase() args['info'] = info #UTL_HTTP utlHttp = UtlHttp(args) status = utlHttp.connection() utlHttp.testAll() #HTTPURITYPE httpUriType = HttpUriType(args) httpUriType.testAll() #UTL_FILE utlFile = UtlFile(args) utlFile.testAll() #JAVA java = Java(args) java.testAll() #DBMS ADVISOR dbmsAdvisor = DbmsAdvisor(args) dbmsAdvisor.testAll() #DBMS Scheduler dbmsScheduler = DbmsScheduler(args) dbmsScheduler.testAll() #CTXSYS ctxsys = Ctxsys(args) ctxsys.testAll() #Passwords passwords = Passwords(args) passwords.testAll() #DbmsXmldom dbmsXslprocessor = DbmsXslprocessor(args) dbmsXslprocessor.testAll() #External Table externalTable = ExternalTable(args) externalTable.testAll() #Oradbg oradbg = Oradbg(args) oradbg.testAll() #DbmsLob dbmsLob = DbmsLob(args) dbmsLob.testAll() #SMB smb = SMB(args) smb.testAll() #Pribvilege escalation privilegeEscalation = PrivilegeEscalation(args) privilegeEscalation.testAll() #Test some CVE cve = CVE_XXXX_YYYY(args) cve.testAll() cve.close() #Close the socket to the remote database #CVE_2012_3137 cve = CVE_2012_3137 (args) cve.testAll() #usernamelikepassword args['run'] = True runUsernameLikePassword(args)
def runAllModules(args): ''' Run all modules ''' connectionInformation, validSIDsList = {}, [] #A)SID MANAGEMENT if args['sid'] == None : validSIDsList = runSIDGuesserModule(args) args['user'], args['password'] = None, None else : validSIDsList = [args['sid']] #B)ACCOUNT MANAGEMENT if args['user'] == None and args['password'] == None: for sid in validSIDsList: args['print'].title("Searching valid accounts on the {0} SID".format(sid)) args['sid'] = sid passwordGuesser = PasswordGuesser(args,args['accounts-file']) passwordGuesser.searchValideAccounts() validAccountsList = passwordGuesser.valideAccounts if validAccountsList == {}: args['print'].badNews("No found a valid account on {0}:{1}/{2}".format(args['server'], args['port'], args['sid'])) exit(EXIT_NO_ACCOUNTS) else : args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'],validAccountsList)) for aLogin, aPassword in validAccountsList.items(): if connectionInformation.has_key(sid) == False: connectionInformation[sid] = [[aLogin,aPassword]] else : connectionInformation[sid].append([aLogin,aPassword]) else : validAccountsList = {args['user']:args['password']} for aSid in validSIDsList: for aLogin, aPassword in validAccountsList.items(): if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[aLogin,aPassword]] else : connectionInformation[aSid].append([aLogin,aPassword]) #C)ALL OTHERS MODULES if sidHasBeenGiven(args) == False : return EXIT_MISS_ARGUMENT elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT for aSid in connectionInformation.keys(): for loginAndPass in connectionInformation[aSid]: args['sid'] , args['user'], args['password'] = aSid, loginAndPass[0],loginAndPass[1] args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'],args['user'],args['password'])) #INFO ABOUT REMOTE SERVER info = Info(args) status = info.connection() if isinstance(status,Exception): args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n',''))) break info.loadInformationRemoteDatabase() args['info'] = info #UTL_HTTP utlHttp = UtlHttp(args) status = utlHttp.connection() utlHttp.testAll() #HTTPURITYPE httpUriType = HttpUriType(args) httpUriType.testAll() #UTL_FILE utlFile = UtlFile(args) utlFile.testAll() #JAVA java = Java(args) java.testAll() #DBMS ADVISOR dbmsAdvisor = DbmsAdvisor(args) dbmsAdvisor.testAll() #DBMS Scheduler dbmsScheduler = DbmsScheduler(args) dbmsScheduler.testAll() #CTXSYS ctxsys = Ctxsys(args) ctxsys.testAll() #Passwords passwords = Passwords(args) passwords.testAll() #DbmsXmldom dbmsXslprocessor = DbmsXslprocessor(args) dbmsXslprocessor.testAll() #External Table externalTable = ExternalTable(args) externalTable.testAll() #Oradbg oradbg = Oradbg(args) oradbg.testAll() oradbg.close() #Close the socket to the remote database #CVE_2012_3137 cve = CVE_2012_3137 (args) cve.testAll() #usernamelikepassword args['run'] = True runUsernameLikePassword(args)