def runPasswordGuesserModule(args):
"""
Run the PasswordGuesser module
"""
if sidHasBeenGiven(args) == False:
return EXIT_MISS_ARGUMENT
args["print"].title("Searching valid accounts on the {0} server, port {1}".format(args["server"], args["port"]))
if args["accounts-files"][0] != None and args["accounts-files"][1] != None:
args["accounts-file"] = None
passwordGuesser = PasswordGuesser(
args,
accountsFile=args["accounts-file"],
loginFile=args["accounts-files"][0],
passwordFile=args["accounts-files"][1],
timeSleep=args["timeSleep"],
loginAsPwd=args["login-as-pwd"],
)
passwordGuesser.searchValideAccounts()
validAccountsList = passwordGuesser.valideAccounts
if validAccountsList == {}:
args["print"].badNews(
"No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(
args["server"], args["port"], args["sid"]
)
)
else:
args["print"].goodNews(
"Accounts found on {0}:{1}/{2}: {3}".format(
args["server"], args["port"], args["sid"], getCredentialsFormated(validAccountsList)
)
)
def runPasswordGuesserModule(args):
'''
Run the PasswordGuesser module
'''
if sidHasBeenGiven(args) == False: return EXIT_MISS_ARGUMENT
args['print'].title(
"Searching valid accounts on the {0} server, port {1}".format(
args['server'], args['port']))
if args['accounts-files'][0] != None and args['accounts-files'][1] != None:
args['accounts-file'] = None
passwordGuesser = PasswordGuesser(args,
accountsFile=args['accounts-file'],
loginFile=args['accounts-files'][0],
passwordFile=args['accounts-files'][1],
timeSleep=args['timeSleep'],
loginAsPwd=args['login-as-pwd'])
passwordGuesser.searchValideAccounts()
validAccountsList = passwordGuesser.valideAccounts
if validAccountsList == {}:
args['print'].badNews(
"No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'"
.format(args['server'], args['port'], args['sid']))
else:
args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(
args['server'], args['port'], args['sid'],
getCredentialsFormated(validAccountsList)))
def runUsernameLikePassword(args):
'''
Run the UsernameLikePassword module
'''
status = True
usernameLikePassword = UsernameLikePassword(args)
status = usernameLikePassword.connection(stopIfError=True)
#Option 1: UsernameLikePassword
if args['run'] != None:
additionalPwd = []
args['print'].title(
"Oracle users have not the password identical to the username ?")
if 'additional-pwd' in args and args['additional-pwd'] != None:
additionalPwd = args['additional-pwd']
usernameLikePassword.tryUsernameLikePassword(
additionalPwd=additionalPwd)
if usernameLikePassword.validAccountsList == {}:
args['print'].badNews(
"No found a valid account on {0}:{1}/{2}".format(
args['server'], args['port'], args['sid']))
else:
args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(
args['server'], args['port'], args['sid'],
getCredentialsFormated(
usernameLikePassword.validAccountsList)))
def runUsernameLikePassword(args):
'''
Run the UsernameLikePassword module
'''
status= True
usernameLikePassword = UsernameLikePassword(args)
status = usernameLikePassword.connect(stopIfError=True)
#Option 1: UsernameLikePassword
if args['run'] !=None :
args['print'].title("MSSQL users have not the password identical to the username ?")
usernameLikePassword.tryUsernameLikePassword()
if usernameLikePassword.validAccountsList == {}:
args['print'].badNews("No found a valid account on {0}:{1}".format(args['host'], args['port']))
else :
args['print'].goodNews("Accounts found on {0}:{1}: {2}".format(args['host'], args['port'],getCredentialsFormated(usernameLikePassword.validAccountsList)))
def runUsernameLikePassword(args):
'''
Run the UsernameLikePassword module
'''
status= True
usernameLikePassword = UsernameLikePassword(args)
status = usernameLikePassword.connection(stopIfError=True)
#Option 1: UsernameLikePassword
if args['run'] !=None :
args['print'].title("Oracle users have not the password identical to the username ?")
usernameLikePassword.tryUsernameLikePassword()
if usernameLikePassword.validAccountsList == {}:
args['print'].badNews("No found a valid account on {0}:{1}/{2}".format(args['server'], args['port'], args['sid']))
else :
args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'],getCredentialsFormated(usernameLikePassword.validAccountsList)))
def runAllModules(args):
'''
Run all modules
'''
connectionInformation, validSIDsList = {}, []
#0)TNS Poinsoning
if args['no-tns-poisoning-check'] == False:
tnspoison = Tnspoison(args)
tnspoison.testAll()
else:
logging.info("Don't check if the target is vulnerable to TNS poisoning because the option --no-tns-poisoning-check is enabled in command line")
#A)SID MANAGEMENT
if args['sid'] == None :
logging.debug("Searching valid SIDs")
validSIDsList = runSIDGuesserModule(args)
args['user'], args['password'] = None, None
else :
validSIDsList = [args['sid']]
if validSIDsList == []:
exit(EXIT_NO_SIDS)
#B)ACCOUNT MANAGEMENT
if args['credentialsFile'] == True :
logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file']))
#Load accounts from file
passwordGuesser = PasswordGuesser(args, args['accounts-file'], loginFile=None ,passwordFile=None, loginAsPwd=args['login-as-pwd'])
validAccountsList = passwordGuesser.getAccountsFromFile()
for aSid in validSIDsList:
for anAccount in validAccountsList:
if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[anAccount[0], anAccount[1]]]
else : connectionInformation[aSid].append([anAccount[0], anAccount[1]])
elif args['user'] == None and args['password'] == None:
for sid in validSIDsList:
args['print'].title("Searching valid accounts on the {0} SID".format(sid))
args['sid'] = sid
if args['accounts-files'][0] != None and args['accounts-files'][1] != None : args['accounts-file'] = None
passwordGuesser = PasswordGuesser(args, accountsFile=args['accounts-file'], loginFile=args['accounts-files'][0], passwordFile=args['accounts-files'][1], timeSleep=args['timeSleep'], loginAsPwd=args['login-as-pwd'])
passwordGuesser.searchValideAccounts()
validAccountsList = passwordGuesser.valideAccounts
if validAccountsList == {}:
args['print'].badNews("No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(args['server'], args['port'], args['sid']))
exit(EXIT_NO_ACCOUNTS)
else :
args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'],getCredentialsFormated(validAccountsList)))
for aLogin, aPassword in validAccountsList.items():
if connectionInformation.has_key(sid) == False: connectionInformation[sid] = [[aLogin,aPassword]]
else : connectionInformation[sid].append([aLogin,aPassword])
else:
validAccountsList = {args['user']:args['password']}
for aSid in validSIDsList:
for aLogin, aPassword in validAccountsList.items():
if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[aLogin,aPassword]]
else : connectionInformation[aSid].append([aLogin,aPassword])
#C)ALL OTHERS MODULES
if sidHasBeenGiven(args) == False : return EXIT_MISS_ARGUMENT
#elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
for aSid in connectionInformation.keys():
for loginAndPass in connectionInformation[aSid]:
args['sid'] , args['user'], args['password'] = aSid, loginAndPass[0],loginAndPass[1]
args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'],args['user'],args['password']))
#INFO ABOUT REMOTE SERVER
status = OracleDatabase(args).connection()
if isinstance(status,Exception):
args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n','')))
break
#UTL_HTTP
utlHttp = UtlHttp(args)
status = utlHttp.connection()
utlHttp.testAll()
#HTTPURITYPE
httpUriType = HttpUriType(args)
httpUriType.testAll()
#UTL_FILE
utlFile = UtlFile(args)
utlFile.testAll()
#JAVA
java = Java(args)
java.testAll()
#DBMS ADVISOR
dbmsAdvisor = DbmsAdvisor(args)
dbmsAdvisor.testAll()
#DBMS Scheduler
dbmsScheduler = DbmsScheduler(args)
dbmsScheduler.testAll()
#CTXSYS
ctxsys = Ctxsys(args)
ctxsys.testAll()
#Passwords
passwords = Passwords(args)
passwords.testAll()
#DbmsXmldom
dbmsXslprocessor = DbmsXslprocessor(args)
dbmsXslprocessor.testAll()
#External Table
externalTable = ExternalTable(args)
externalTable.testAll()
#Oradbg
oradbg = Oradbg(args)
oradbg.testAll()
#DbmsLob
dbmsLob = DbmsLob(args)
dbmsLob.testAll()
#SMB
smb = SMB(args)
smb.testAll()
#Pribvilege escalation
privilegeEscalation = PrivilegeEscalation(args)
privilegeEscalation.testAll()
#Test some CVE
cve = CVE_XXXX_YYYY(args)
cve.testAll()
cve.close() #Close the socket to the remote database
#CVE_2012_3137
cve = CVE_2012_3137 (args)
cve.testAll()
#usernamelikepassword
args['run'] = True
runUsernameLikePassword(args)
def runAllModules(args):
'''
Run all modules
'''
connectionInformation, validSIDsList = {}, []
#0)TNS Poinsoning
if args['no-tns-poisoning-check'] == False:
tnspoison = Tnspoison(args)
tnspoison.testAll()
else:
logging.info("Don't check if the target is vulnerable to TNS poisoning because the option --no-tns-poisoning-check is enabled in command line")
#A)SID MANAGEMENT
if args['sid'] == None :
logging.debug("Searching valid SIDs")
validSIDsList = runSIDGuesserModule(args)
args['user'], args['password'] = None, None
else :
validSIDsList = [args['sid']]
if validSIDsList == []:
exit(EXIT_NO_SIDS)
#B)ACCOUNT MANAGEMENT
if args['credentialsFile'] == True :
logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file']))
#Load accounts from file
passwordGuesser = PasswordGuesser(args, args['accounts-file'], loginFile=None ,passwordFile=None, loginAsPwd=args['login-as-pwd'])
validAccountsList = passwordGuesser.getAccountsFromFile()
for aSid in validSIDsList:
for anAccount in validAccountsList:
if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[anAccount[0], anAccount[1]]]
else : connectionInformation[aSid].append([anAccount[0], anAccount[1]])
elif args['user'] == None and args['password'] == None:
for sid in validSIDsList:
args['print'].title("Searching valid accounts on the {0} SID".format(sid))
args['sid'] = sid
if args['accounts-files'][0] != None and args['accounts-files'][1] != None : args['accounts-file'] = None
passwordGuesser = PasswordGuesser(args, accountsFile=args['accounts-file'], loginFile=args['accounts-files'][0], passwordFile=args['accounts-files'][1], timeSleep=args['timeSleep'], loginAsPwd=args['login-as-pwd'])
passwordGuesser.searchValideAccounts()
validAccountsList = passwordGuesser.valideAccounts
if validAccountsList == {}:
args['print'].badNews("No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(args['server'], args['port'], args['sid']))
exit(EXIT_NO_ACCOUNTS)
else :
args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'],getCredentialsFormated(validAccountsList)))
for aLogin, aPassword in validAccountsList.items():
if connectionInformation.has_key(sid) == False: connectionInformation[sid] = [[aLogin,aPassword]]
else : connectionInformation[sid].append([aLogin,aPassword])
else:
validAccountsList = {args['user']:args['password']}
for aSid in validSIDsList:
for aLogin, aPassword in validAccountsList.items():
if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[aLogin,aPassword]]
else : connectionInformation[aSid].append([aLogin,aPassword])
#C)ALL OTHERS MODULES
if sidHasBeenGiven(args) == False : return EXIT_MISS_ARGUMENT
#elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
for aSid in connectionInformation.keys():
for loginAndPass in connectionInformation[aSid]:
args['sid'] , args['user'], args['password'] = aSid, loginAndPass[0],loginAndPass[1]
args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'],args['user'],args['password']))
#INFO ABOUT REMOTE SERVER
info = Info(args)
status = info.connection()
if isinstance(status,Exception):
args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n','')))
break
info.loadInformationRemoteDatabase()
args['info'] = info
#UTL_HTTP
utlHttp = UtlHttp(args)
status = utlHttp.connection()
utlHttp.testAll()
#HTTPURITYPE
httpUriType = HttpUriType(args)
httpUriType.testAll()
#UTL_FILE
utlFile = UtlFile(args)
utlFile.testAll()
#JAVA
java = Java(args)
java.testAll()
#DBMS ADVISOR
dbmsAdvisor = DbmsAdvisor(args)
dbmsAdvisor.testAll()
#DBMS Scheduler
dbmsScheduler = DbmsScheduler(args)
dbmsScheduler.testAll()
#CTXSYS
ctxsys = Ctxsys(args)
ctxsys.testAll()
#Passwords
passwords = Passwords(args)
passwords.testAll()
#DbmsXmldom
dbmsXslprocessor = DbmsXslprocessor(args)
dbmsXslprocessor.testAll()
#External Table
externalTable = ExternalTable(args)
externalTable.testAll()
#Oradbg
oradbg = Oradbg(args)
oradbg.testAll()
#DbmsLob
dbmsLob = DbmsLob(args)
dbmsLob.testAll()
#SMB
smb = SMB(args)
smb.testAll()
#Pribvilege escalation
privilegeEscalation = PrivilegeEscalation(args)
privilegeEscalation.testAll()
#Test some CVE
cve = CVE_XXXX_YYYY(args)
cve.testAll()
cve.close() #Close the socket to the remote database
#CVE_2012_3137
cve = CVE_2012_3137 (args)
cve.testAll()
#usernamelikepassword
args['run'] = True
runUsernameLikePassword(args)
