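def tryUsernameLikePassword(self):
    '''
    Try to connect to the DB with each Oracle username, using the username
    itself as the password.

    If self.lowerAndUpper == True, the upper-case and the lower-case form of
    each username are queued as passwords; otherwise only the username exactly
    as loaded is queued. The guesser's valideAccounts result is stored in
    self.validAccountsList.
    '''
    accounts = []
    self.__loadAllUsernames__()
    passwordGuesser = PasswordGuesser(self.args, "", timeSleep=self.args['timeSleep'])
    for usern in self.allUsernames:
        if self.lowerAndUpper == True:
            logging.debug(
                "Password identical (upper case and lower case) to username will be tested for '{0}'"
                .format(usern))
            upperCandidate, lowerCandidate = usern.upper(), usern.lower()
            accounts.append([usern, upperCandidate])
            # A username without cased characters yields the same string twice.
            # Queue it once: every queued pair is a real login attempt and a
            # repeated wrong one only adds to the account's failed-login count.
            if lowerCandidate != upperCandidate:
                accounts.append([usern, lowerCandidate])
        else:
            logging.debug(
                "Password identical to username will be tested ONLY for '{0}' (option enabled)"
                .format(usern))
            accounts.append([usern, usern])
    passwordGuesser.accounts = accounts
    passwordGuesser.searchValideAccounts()
    self.validAccountsList = passwordGuesser.valideAccounts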
def tryUsernameLikePassword(self):
    '''
    Try to connect to the DB with each Oracle username, using the username
    itself as the password.

    The guesser's valideAccounts result is stored in self.validAccountsList.
    '''
    self.__loadAllUsernames__()
    guesser = PasswordGuesser(self.args, "", timeSleep=self.args['timeSleep'])
    # One [login, password] pair per loaded username, password == login.
    guesser.accounts = [[name, name] for name in self.allUsernames]
    guesser.searchValideAccounts()
    self.validAccountsList = guesser.valideAccounts
def tryUsernameLikePassword(self):
    '''
    Try to connect to the DB with each Oracle username, using the username
    itself as the password.

    The result reported by the PasswordGuesser (its valideAccounts attribute)
    is copied to self.validAccountsList.
    '''
    self.__loadAllUsernames__()
    sameAsLoginGuesser = PasswordGuesser(self.args, "", timeSleep=self.args['timeSleep'])
    candidatePairs = []
    for login in self.allUsernames:
        # The password candidate is the login exactly as it was loaded.
        candidatePairs += [[login, login]]
    sameAsLoginGuesser.accounts = candidatePairs
    sameAsLoginGuesser.searchValideAccounts()
    self.validAccountsList = sameAsLoginGuesser.valideAccounts
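def tryUsernameLikePassword(self):
    '''
    Try to connect to the DB with each Oracle username, using the username
    itself as the password.

    If self.lowerAndUpper == True, the upper-case and the lower-case form of
    each username are queued as passwords; otherwise only the username exactly
    as loaded is queued. The guesser's valideAccounts result is stored in
    self.validAccountsList.
    '''
    accounts = []
    self.__loadAllUsernames__()
    # No credential files are handed over: the account list is built below and
    # assigned to the guesser directly.
    passwordGuesser = PasswordGuesser(self.args, accountsFile="", loginFile=None, passwordFile=None,
                                      loginAsPwd=False, timeSleep=self.args['timeSleep'])
    for usern in self.allUsernames:
        if self.lowerAndUpper == True:
            logging.debug("Password identical (upper case and lower case) to username will be tested for '{0}'".format(usern))
            upperCandidate, lowerCandidate = usern.upper(), usern.lower()
            accounts.append([usern, upperCandidate])
            # A username without cased characters yields the same string twice.
            # Queue it once: every queued pair is a real login attempt and a
            # repeated wrong one only adds to the account's failed-login count.
            if lowerCandidate != upperCandidate:
                accounts.append([usern, lowerCandidate])
        else:
            logging.debug("Password identical to username will be tested ONLY for '{0}' (option enabled)".format(usern))
            accounts.append([usern, usern])
    passwordGuesser.accounts = accounts
    passwordGuesser.searchValideAccounts()
    self.validAccountsList = passwordGuesser.valideAccounts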
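def runAllModules(args):
    '''
    Run all modules

    (A) use the given SID or search for valid ones, (B) use the given account
    or search for valid ones on each SID, (C) call testAll() of every module
    for each SID/account pair, then start the username-like-password check.

    Returns EXIT_MISS_ARGUMENT when sidHasBeenGiven() or anAccountIsGiven()
    reports False. Calls exit(EXIT_NO_ACCOUNTS) as soon as one SID yields no
    valid account.
    '''
    # NOTE(review): block nesting was reconstructed from a flattened listing - confirm against the project file.
    connectionInformation, validSIDsList = {}, []
    #A)SID MANAGEMENT
    if args['sid'] is None:
        validSIDsList = runSIDGuesserModule(args)
        # SIDs were guessed, so any account given on the command line is dropped
        args['user'], args['password'] = None, None
    else:
        validSIDsList = [args['sid']]
    #B)ACCOUNT MANAGEMENT
    if args['user'] is None and args['password'] is None:
        for sid in validSIDsList:
            args['print'].title("Searching valid accounts on the {0} SID".format(sid))
            args['sid'] = sid
            passwordGuesser = PasswordGuesser(args, args['accounts-file'])
            passwordGuesser.searchValideAccounts()
            validAccountsList = passwordGuesser.valideAccounts
            if validAccountsList == {}:
                args['print'].badNews("No found a valid account on {0}:{1}/{2}".format(args['server'], args['port'], args['sid']))
                exit(EXIT_NO_ACCOUNTS)
            else:
                # NOTE(review): the whole login/password mapping is printed in clear text;
                # treat the tool's output and any capture of it as sensitive.
                args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'], validAccountsList))
                for aLogin, aPassword in validAccountsList.items():
                    # setdefault replaces the deprecated dict.has_key() test
                    connectionInformation.setdefault(sid, []).append([aLogin, aPassword])
    else:
        validAccountsList = {args['user']: args['password']}
        for aSid in validSIDsList:
            for aLogin, aPassword in validAccountsList.items():
                connectionInformation.setdefault(aSid, []).append([aLogin, aPassword])
    #C)ALL OTHERS MODULES
    if sidHasBeenGiven(args) == False:
        return EXIT_MISS_ARGUMENT
    elif anAccountIsGiven(args) == False:
        return EXIT_MISS_ARGUMENT
    for aSid in connectionInformation:
        for loginAndPass in connectionInformation[aSid]:
            args['sid'], args['user'], args['password'] = aSid, loginAndPass[0], loginAndPass[1]
            # NOTE(review): the account password is written in clear text in this title.
            args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'], args['user'], args['password']))
            #INFO ABOUT REMOTE SERVER
            info = Info(args)
            status = info.connection()
            if isinstance(status, Exception):
                args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n', '')))
                # Skips the remaining accounts of this SID
                break
            info.loadInformationRemoteDatabase()
            args['info'] = info
            #UTL_HTTP
            utlHttp = UtlHttp(args)
            utlHttp.connection()  # return value is not checked here
            utlHttp.testAll()
            #HTTPURITYPE
            HttpUriType(args).testAll()
            #UTL_FILE
            UtlFile(args).testAll()
            #JAVA
            Java(args).testAll()
            #DBMS ADVISOR
            DbmsAdvisor(args).testAll()
            #DBMS Scheduler
            DbmsScheduler(args).testAll()
            #CTXSYS
            Ctxsys(args).testAll()
            #Passwords
            Passwords(args).testAll()
            #DbmsXmldom
            DbmsXslprocessor(args).testAll()
            #External Table
            ExternalTable(args).testAll()
            #Oradbg
            oradbg = Oradbg(args)
            oradbg.testAll()
            oradbg.close() #Close the socket to the remote database
            #CVE_2012_3137
            cve = CVE_2012_3137(args)
            cve.testAll()
    #usernamelikepassword
    args['run'] = True
    runUsernameLikePassword(args)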
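def runAllModules(args):
    '''
    Run all modules

    (0) optional TNS poisoning check, (A) use the given SID or search for valid
    ones, (B) take accounts from a credentials file, search for them, or use the
    account given in args, (C) call testAll() of every module for each
    SID/account pair, then start the username-like-password check.

    Returns EXIT_MISS_ARGUMENT when sidHasBeenGiven() reports False. Calls
    exit(EXIT_NO_SIDS) when no SID is available and exit(EXIT_NO_ACCOUNTS) as
    soon as one SID yields no valid account.
    '''
    # NOTE(review): block nesting was reconstructed from a flattened listing - confirm against the project file.
    connectionInformation, validSIDsList = {}, []
    #0)TNS Poinsoning
    if args['no-tns-poisoning-check'] == False:
        tnspoison = Tnspoison(args)
        tnspoison.testAll()
    else:
        logging.info("Don't check if the target is vulnerable to TNS poisoning because the option --no-tns-poisoning-check is enabled in command line")
    #A)SID MANAGEMENT
    if args['sid'] is None:
        logging.debug("Searching valid SIDs")
        validSIDsList = runSIDGuesserModule(args)
        # SIDs were guessed, so any account given on the command line is dropped
        args['user'], args['password'] = None, None
    else:
        validSIDsList = [args['sid']]
    if validSIDsList == []:
        exit(EXIT_NO_SIDS)
    #B)ACCOUNT MANAGEMENT
    if args['credentialsFile'] == True:
        logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file']))
        #Load accounts from file
        passwordGuesser = PasswordGuesser(args, args['accounts-file'], loginFile=None, passwordFile=None, loginAsPwd=args['login-as-pwd'])
        validAccountsList = passwordGuesser.getAccountsFromFile()
        for aSid in validSIDsList:
            for anAccount in validAccountsList:
                # setdefault replaces the deprecated dict.has_key() test
                connectionInformation.setdefault(aSid, []).append([anAccount[0], anAccount[1]])
    elif args['user'] is None and args['password'] is None:
        for sid in validSIDsList:
            args['print'].title("Searching valid accounts on the {0} SID".format(sid))
            args['sid'] = sid
            # When a separate login file and password file are both given, the combined accounts file is not used
            if args['accounts-files'][0] is not None and args['accounts-files'][1] is not None:
                args['accounts-file'] = None
            passwordGuesser = PasswordGuesser(args, accountsFile=args['accounts-file'], loginFile=args['accounts-files'][0], passwordFile=args['accounts-files'][1], timeSleep=args['timeSleep'], loginAsPwd=args['login-as-pwd'])
            passwordGuesser.searchValideAccounts()
            validAccountsList = passwordGuesser.valideAccounts
            if validAccountsList == {}:
                args['print'].badNews("No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(args['server'], args['port'], args['sid']))
                exit(EXIT_NO_ACCOUNTS)
            else:
                # NOTE(review): recovered credentials are printed through getCredentialsFormated();
                # treat the tool's output and any capture of it as sensitive.
                args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'], getCredentialsFormated(validAccountsList)))
                for aLogin, aPassword in validAccountsList.items():
                    connectionInformation.setdefault(sid, []).append([aLogin, aPassword])
    else:
        validAccountsList = {args['user']: args['password']}
        for aSid in validSIDsList:
            for aLogin, aPassword in validAccountsList.items():
                connectionInformation.setdefault(aSid, []).append([aLogin, aPassword])
    #C)ALL OTHERS MODULES
    if sidHasBeenGiven(args) == False:
        return EXIT_MISS_ARGUMENT
    #elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
    for aSid in connectionInformation:
        for loginAndPass in connectionInformation[aSid]:
            args['sid'], args['user'], args['password'] = aSid, loginAndPass[0], loginAndPass[1]
            # NOTE(review): the account password is written in clear text in this title.
            args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'], args['user'], args['password']))
            #INFO ABOUT REMOTE SERVER
            status = OracleDatabase(args).connection()
            if isinstance(status, Exception):
                args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n', '')))
                # Skips the remaining accounts of this SID
                break
            #UTL_HTTP
            utlHttp = UtlHttp(args)
            utlHttp.connection()  # return value is not checked here
            utlHttp.testAll()
            #HTTPURITYPE
            HttpUriType(args).testAll()
            #UTL_FILE
            UtlFile(args).testAll()
            #JAVA
            Java(args).testAll()
            #DBMS ADVISOR
            DbmsAdvisor(args).testAll()
            #DBMS Scheduler
            DbmsScheduler(args).testAll()
            #CTXSYS
            Ctxsys(args).testAll()
            #Passwords
            Passwords(args).testAll()
            #DbmsXmldom
            DbmsXslprocessor(args).testAll()
            #External Table
            ExternalTable(args).testAll()
            #Oradbg
            Oradbg(args).testAll()
            #DbmsLob
            DbmsLob(args).testAll()
            #SMB
            SMB(args).testAll()
            #Pribvilege escalation
            PrivilegeEscalation(args).testAll()
            #Test some CVE
            cve = CVE_XXXX_YYYY(args)
            cve.testAll()
            cve.close() #Close the socket to the remote database
            #CVE_2012_3137
            cve = CVE_2012_3137(args)
            cve.testAll()
    #usernamelikepassword
    args['run'] = True
    runUsernameLikePassword(args)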
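def runAllModules(args):
    '''
    Run all modules

    (A) use the database given in args, (B) use the given account or search for
    valid ones on that database, (C) call testAll() of every module for each
    database/account pair, then start the username-like-password check.

    Returns EXIT_MISS_ARGUMENT when ipOrNameServerHasBeenGiven() reports False.
    Returns None early when the account search reports a connection error or
    finds no valid account.
    '''
    # NOTE(review): block nesting was reconstructed from a flattened listing - confirm against the project file.
    connectionInformation, validDatabaseList = {}, []
    status = ipOrNameServerHasBeenGiven(args)
    if status == False:
        return EXIT_MISS_ARGUMENT
    #A)REMOTE VERSION
    ###########mssqlInfo = MssqlInfo(args)
    ###########mssqlInfo.testAll()
    if databaseHasBeenGiven(args):
        validDatabaseList = [args['database']]
    #B)ACCOUNT MANAGEMENT
    if args['user'] is None and args['password'] is None:
        for database in validDatabaseList:
            args['print'].title("Searching valid accounts on the {0} database".format(database))
            args['database'] = database
            passwordGuesser = PasswordGuesser(args, usernamesFile=args['usernames-file'], passwordsFile=args['passwords-file'], accountsFile=args['accounts-file'])
            status = passwordGuesser.searchValideAccounts()
            if status == False:
                #Connection error during scan (perhaps host is unavailable now)
                logging.error("Host is probably unavailable. Stopping for this host!")
                return
            validAccountsList = passwordGuesser.valideAccounts
            if validAccountsList == {}:
                args['print'].badNews("No found a valid account on {0}:{1}/{2}.".format(args['host'], args['port'], args['database']))
                return
            else:
                # NOTE(review): the whole login/password mapping is printed in clear text;
                # treat the tool's output and any capture of it as sensitive.
                args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}. All modules will be started with this (these) account(s)".format(args['host'], args['port'], args['database'], validAccountsList))
                for aLogin, aPassword in validAccountsList.items():
                    # setdefault replaces the deprecated dict.has_key() test
                    connectionInformation.setdefault(database, []).append([aLogin, aPassword])
    else:
        validAccountsList = {args['user']: args['password']}
        for database in validDatabaseList:
            for aLogin, aPassword in validAccountsList.items():
                connectionInformation.setdefault(database, []).append([aLogin, aPassword])
    #C)ALL OTHERS MODULES
    for aDatabase in connectionInformation:
        for loginAndPass in connectionInformation[aDatabase]:
            args['database'], args['user'], args['password'] = aDatabase, loginAndPass[0], loginAndPass[1]
            # The title names the database of this iteration (aDatabase) instead of
            # the variable left over from the loops in step B.
            # NOTE(review): the account password is written in clear text in this title.
            args['print'].title("Testing the '{0}' database with the account {1}/{2}".format(aDatabase, args['user'], args['password']))
            #C.0)Trustworthy module (Privilege escalation)
            trustworthyPE = TrustworthyPE(args)
            status = trustworthyPE.connect()
            if isinstance(status, Exception):
                args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n', '')))
                # Skips the remaining accounts of this database
                break
            trustworthyPE.testAll()
            #C.1)Passwordstealer
            Passwordstealer(args).testAll()
            #C.2)xpcmdshell
            Xpcmdshell(args).testAll()
            #C.3)Jobs
            Jobs(args).testAll()
            #C.4) SMBAUthenticationCapture
            smbAuthenticationCapture = SMBAuthenticationCapture(args, localIp="127.0.0.1", shareName=DEFAULT_SHARE_NAME)
            smbAuthenticationCapture.testAll()
            #C.5) OLEAutomation
            OleAutomation(args).testAll()
            #C.6) BulkOpen
            bulkOpen = BulkOpen(args)
            bulkOpen.testAll()
            #C.7) XpDirectory
            XpDirectory(args).testAll()
            bulkOpen.closeConnection()
    #usernamelikepassword
    args['run'] = True
    runUsernameLikePassword(args)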
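def runAllModules(args):
    '''
    Run all modules

    (0) optional TNS poisoning check, (A) use the given SID or search for valid
    ones, (B) take accounts from a credentials file, search for them, or use the
    account given in args, (C) call testAll() of every module for each
    SID/account pair, then start the username-like-password check.

    Returns EXIT_MISS_ARGUMENT when sidHasBeenGiven() reports False. Calls
    exit(EXIT_NO_SIDS) when no SID is available and exit(EXIT_NO_ACCOUNTS) as
    soon as one SID yields no valid account.
    '''
    # NOTE(review): block nesting was reconstructed from a flattened listing - confirm against the project file.
    connectionInformation, validSIDsList = {}, []
    #0)TNS Poinsoning
    if args['no-tns-poisoning-check'] == False:
        tnspoison = Tnspoison(args)
        tnspoison.testAll()
    else:
        logging.info("Don't check if the target is vulnerable to TNS poisoning because the option --no-tns-poisoning-check is enabled in command line")
    #A)SID MANAGEMENT
    if args['sid'] is None:
        logging.debug("Searching valid SIDs")
        validSIDsList = runSIDGuesserModule(args)
        # SIDs were guessed, so any account given on the command line is dropped
        args['user'], args['password'] = None, None
    else:
        validSIDsList = [args['sid']]
    if validSIDsList == []:
        exit(EXIT_NO_SIDS)
    #B)ACCOUNT MANAGEMENT
    if args['credentialsFile'] == True:
        logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file']))
        #Load accounts from file
        passwordGuesser = PasswordGuesser(args, args['accounts-file'], loginFile=None, passwordFile=None, loginAsPwd=args['login-as-pwd'])
        validAccountsList = passwordGuesser.getAccountsFromFile()
        for aSid in validSIDsList:
            for anAccount in validAccountsList:
                # setdefault replaces the deprecated dict.has_key() test
                connectionInformation.setdefault(aSid, []).append([anAccount[0], anAccount[1]])
    elif args['user'] is None and args['password'] is None:
        for sid in validSIDsList:
            args['print'].title("Searching valid accounts on the {0} SID".format(sid))
            args['sid'] = sid
            # When a separate login file and password file are both given, the combined accounts file is not used
            if args['accounts-files'][0] is not None and args['accounts-files'][1] is not None:
                args['accounts-file'] = None
            passwordGuesser = PasswordGuesser(args, accountsFile=args['accounts-file'], loginFile=args['accounts-files'][0], passwordFile=args['accounts-files'][1], timeSleep=args['timeSleep'], loginAsPwd=args['login-as-pwd'])
            passwordGuesser.searchValideAccounts()
            validAccountsList = passwordGuesser.valideAccounts
            if validAccountsList == {}:
                args['print'].badNews("No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(args['server'], args['port'], args['sid']))
                exit(EXIT_NO_ACCOUNTS)
            else:
                # NOTE(review): recovered credentials are printed through getCredentialsFormated();
                # treat the tool's output and any capture of it as sensitive.
                args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'], getCredentialsFormated(validAccountsList)))
                for aLogin, aPassword in validAccountsList.items():
                    connectionInformation.setdefault(sid, []).append([aLogin, aPassword])
    else:
        validAccountsList = {args['user']: args['password']}
        for aSid in validSIDsList:
            for aLogin, aPassword in validAccountsList.items():
                connectionInformation.setdefault(aSid, []).append([aLogin, aPassword])
    #C)ALL OTHERS MODULES
    if sidHasBeenGiven(args) == False:
        return EXIT_MISS_ARGUMENT
    #elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
    for aSid in connectionInformation:
        for loginAndPass in connectionInformation[aSid]:
            args['sid'], args['user'], args['password'] = aSid, loginAndPass[0], loginAndPass[1]
            # NOTE(review): the account password is written in clear text in this title.
            args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'], args['user'], args['password']))
            #INFO ABOUT REMOTE SERVER
            info = Info(args)
            status = info.connection()
            if isinstance(status, Exception):
                args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n', '')))
                # Skips the remaining accounts of this SID
                break
            info.loadInformationRemoteDatabase()
            args['info'] = info
            #UTL_HTTP
            utlHttp = UtlHttp(args)
            utlHttp.connection()  # return value is not checked here
            utlHttp.testAll()
            #HTTPURITYPE
            HttpUriType(args).testAll()
            #UTL_FILE
            UtlFile(args).testAll()
            #JAVA
            Java(args).testAll()
            #DBMS ADVISOR
            DbmsAdvisor(args).testAll()
            #DBMS Scheduler
            DbmsScheduler(args).testAll()
            #CTXSYS
            Ctxsys(args).testAll()
            #Passwords
            Passwords(args).testAll()
            #DbmsXmldom
            DbmsXslprocessor(args).testAll()
            #External Table
            ExternalTable(args).testAll()
            #Oradbg
            Oradbg(args).testAll()
            #DbmsLob
            DbmsLob(args).testAll()
            #SMB
            SMB(args).testAll()
            #Pribvilege escalation
            PrivilegeEscalation(args).testAll()
            #Test some CVE
            cve = CVE_XXXX_YYYY(args)
            cve.testAll()
            cve.close() #Close the socket to the remote database
            #CVE_2012_3137
            cve = CVE_2012_3137(args)
            cve.testAll()
    #usernamelikepassword
    args['run'] = True
    runUsernameLikePassword(args)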