def runPasswordsModule(args):
'''
Run the Passwords module
'''
status = True
if checkOptionsGivenByTheUser(args,["test-module","info","get-passwords","get-passwords-from-history"]) == False : return EXIT_MISS_ARGUMENT
passwords = Passwords(args)
status = passwords.connection(stopIfError=True)
if args.has_key('info')==False:
info = Info(args)
info.loadInformationRemoteDatabase()
args['info'] = info
if args['test-module'] == True :
args['print'].title("Test if hashed passwords can be got")
status = passwords.testAll()
if args['get-passwords'] == True :
args['print'].title("Try to get Oracle hashed passwords")
status = passwords.__tryToGetHashedPasswords__()
if status == True :
args['print'].goodNews("Here are Oracle hashed passwords:")
passwords.printPasswords()
else :
args['print'].badNews("Impossible to get hashed passwords: {0}".format(status))
if args['get-passwords-from-history'] == True :
args['print'].title("Try to get Oracle hashed passwords from history")
status = passwords.__tryToGetHashedPasswordsfromHistory__()
if status == True :
args['print'].goodNews("Here are Oracle hashed passwords:")
passwords.printPasswords()
else :
args['print'].badNews("Impossible to get hashed passwords from history: {0}".format(status))
def runPasswordsModule(args):
'''
Run the Passwords module
'''
status = True
if checkOptionsGivenByTheUser(args,["test-module","get-passwords","get-passwords-from-history"]) == False : return EXIT_MISS_ARGUMENT
passwords = Passwords(args)
status = passwords.connection(stopIfError=True)
if args.has_key('info')==False:
info = Info(args)
info.loadInformationRemoteDatabase()
args['info'] = info
if args['test-module'] == True :
args['print'].title("Test if hashed passwords can be got")
status = passwords.testAll()
if args['get-passwords'] == True :
args['print'].title("Try to get Oracle hashed passwords")
status = passwords.__tryToGetHashedPasswords__()
if status == True :
args['print'].goodNews("Here are Oracle hashed passwords:")
passwords.printPasswords()
else :
args['print'].badNews("Impossible to get hashed passwords: {0}".format(status))
if args['get-passwords-from-history'] == True :
args['print'].title("Try to get Oracle hashed passwords from history")
status = passwords.__tryToGetHashedPasswordsfromHistory__()
if status == True :
args['print'].goodNews("Here are Oracle hashed passwords:")
passwords.printPasswords()
else :
args['print'].badNews("Impossible to get hashed passwords from history: {0}".format(status))
def runPasswordsModule(args):
'''
Run the Passwords module
'''
status = True
if checkOptionsGivenByTheUser(args,["test-module","get-passwords","get-passwords-from-history", "get-passwords-not-locked"]) == False : return EXIT_MISS_ARGUMENT
passwords = Passwords(args)
status = passwords.connection(stopIfError=True)
passwords.__getLockedUsernames__()
if args.has_key('info')==False:
info = Info(args)
info.loadInformationRemoteDatabase()
args['info'] = info
if args['test-module'] == True :
args['print'].title("Test if hashed passwords can be got")
status = passwords.testAll()
if args['get-passwords'] == True :
args['print'].title("Try to get Oracle hashed passwords")
status = passwords.__tryToGetHashedPasswords__()
if status == True :
args['print'].goodNews("Here are Oracle hashed passwords (some accounts can be locked):")
passwords.printPasswords()
args['print'].goodNews("Here are 10g Oracle hashed passwords for oclHashcat (some accounts can be locked):")
passwords.printPasswordsOclHashcat()
else :
args['print'].badNews("Impossible to get hashed passwords: {0}".format(status))
if args['get-passwords-not-locked'] == True :
args['print'].title("Try to get Oracle hashed passwords when the account is not locked")
blacklistOfUsernames = passwords.__getLockedUsernames__()
status = passwords.__tryToGetHashedPasswords__(blacklistOfUsernames)
if status == True :
args['print'].goodNews("Here are Oracle hashed passwords (all accounts are opened, not locked):")
passwords.printPasswords()
args['print'].goodNews("Here are 10g Oracle hashed passwords for oclHashcat (all accounts are opened, not locked):")
passwords.printPasswordsOclHashcat()
else :
args['print'].badNews("Impossible to get hashed passwords: {0}".format(status))
if args['get-passwords-from-history'] == True :
args['print'].title("Try to get Oracle hashed passwords from history")
status = passwords.__tryToGetHashedPasswordsfromHistory__()
if status == True :
args['print'].goodNews("Here are Oracle hashed passwords:")
passwords.printPasswords()
else :
args['print'].badNews("Impossible to get hashed passwords from history: {0}".format(status))
def runAllModules(args):
'''
Run all modules
'''
connectionInformation, validSIDsList = {}, []
#A)SID MANAGEMENT
if args['sid'] == None :
validSIDsList = runSIDGuesserModule(args)
args['user'], args['password'] = None, None
else :
validSIDsList = [args['sid']]
#B)ACCOUNT MANAGEMENT
if args['user'] == None and args['password'] == None:
for sid in validSIDsList:
args['print'].title("Searching valid accounts on the {0} SID".format(sid))
args['sid'] = sid
passwordGuesser = PasswordGuesser(args,args['accounts-file'])
passwordGuesser.searchValideAccounts()
validAccountsList = passwordGuesser.valideAccounts
if validAccountsList == {}:
args['print'].badNews("No found a valid account on {0}:{1}/{2}".format(args['server'], args['port'], args['sid']))
exit(EXIT_NO_ACCOUNTS)
else :
args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'],validAccountsList))
for aLogin, aPassword in validAccountsList.items():
if connectionInformation.has_key(sid) == False: connectionInformation[sid] = [[aLogin,aPassword]]
else : connectionInformation[sid].append([aLogin,aPassword])
else :
validAccountsList = {args['user']:args['password']}
for aSid in validSIDsList:
for aLogin, aPassword in validAccountsList.items():
if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[aLogin,aPassword]]
else : connectionInformation[aSid].append([aLogin,aPassword])
#C)ALL OTHERS MODULES
if sidHasBeenGiven(args) == False : return EXIT_MISS_ARGUMENT
elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
for aSid in connectionInformation.keys():
for loginAndPass in connectionInformation[aSid]:
args['sid'] , args['user'], args['password'] = aSid, loginAndPass[0],loginAndPass[1]
args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'],args['user'],args['password']))
#INFO ABOUT REMOTE SERVER
info = Info(args)
status = info.connection()
if isinstance(status,Exception):
args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n','')))
break
info.loadInformationRemoteDatabase()
args['info'] = info
#UTL_HTTP
utlHttp = UtlHttp(args)
status = utlHttp.connection()
utlHttp.testAll()
#HTTPURITYPE
httpUriType = HttpUriType(args)
httpUriType.testAll()
#UTL_FILE
utlFile = UtlFile(args)
utlFile.testAll()
#JAVA
java = Java(args)
java.testAll()
#DBMS ADVISOR
dbmsAdvisor = DbmsAdvisor(args)
dbmsAdvisor.testAll()
#DBMS Scheduler
dbmsScheduler = DbmsScheduler(args)
dbmsScheduler.testAll()
#CTXSYS
ctxsys = Ctxsys(args)
ctxsys.testAll()
#Passwords
passwords = Passwords(args)
passwords.testAll()
#DbmsXmldom
dbmsXslprocessor = DbmsXslprocessor(args)
dbmsXslprocessor.testAll()
#External Table
externalTable = ExternalTable(args)
externalTable.testAll()
#Oradbg
oradbg = Oradbg(args)
oradbg.testAll()
oradbg.close() #Close the socket to the remote database
#CVE_2012_3137
cve = CVE_2012_3137 (args)
cve.testAll()
#usernamelikepassword
args['run'] = True
runUsernameLikePassword(args)
def runPasswordsModule(args):
'''
Run the Passwords module
'''
status = True
if checkOptionsGivenByTheUser(args, [
"test-module", "get-passwords", "get-passwords-from-history",
"get-passwords-not-locked"
]) == False:
return EXIT_MISS_ARGUMENT
passwords = Passwords(args)
status = passwords.connection(stopIfError=True)
passwords.__getLockedUsernames__()
if args.has_key('info') == False:
info = Info(args)
info.loadInformationRemoteDatabase()
args['info'] = info
if args['test-module'] == True:
args['print'].title("Test if hashed passwords can be got")
status = passwords.testAll()
if args['get-passwords'] == True:
args['print'].title("Try to get Oracle hashed passwords")
status = passwords.__tryToGetHashedPasswords__()
if status == True:
args['print'].goodNews(
"Here are Oracle hashed passwords (some accounts can be locked):"
)
passwords.printPasswords()
args['print'].goodNews(
"Here are 10g Oracle hashed passwords for oclHashcat (some accounts can be locked):"
)
passwords.printPasswordsOclHashcat()
args['print'].goodNews(
"Here are 10g Oracle hashed passwords for John the Ripper (some accounts can be locked):"
)
passwords.printPasswordsJohn()
else:
args['print'].badNews(
"Impossible to get hashed passwords: {0}".format(status))
if args['get-passwords-not-locked'] == True:
args['print'].title(
"Try to get Oracle hashed passwords when the account is not locked"
)
blacklistOfUsernames = passwords.__getLockedUsernames__()
status = passwords.__tryToGetHashedPasswords__(blacklistOfUsernames)
if status == True:
args['print'].goodNews(
"Here are Oracle hashed passwords (all accounts are opened, not locked):"
)
passwords.printPasswords()
args['print'].goodNews(
"Here are 10g Oracle hashed passwords for oclHashcat (all accounts are opened, not locked):"
)
passwords.printPasswordsOclHashcat()
args['print'].goodNews(
"Here are 10g Oracle hashed passwords for John the Ripper (all accounts are opened, not locked):"
)
passwords.printPasswordsJohn()
else:
args['print'].badNews(
"Impossible to get hashed passwords: {0}".format(status))
if args['get-passwords-from-history'] == True:
args['print'].title("Try to get Oracle hashed passwords from history")
status = passwords.__tryToGetHashedPasswordsfromHistory__()
if status == True:
args['print'].goodNews("Here are Oracle hashed passwords:")
passwords.printPasswords()
else:
args['print'].badNews(
"Impossible to get hashed passwords from history: {0}".format(
status))
def runAllModules(args):
'''
Run all modules
'''
connectionInformation, validSIDsList = {}, []
#0)TNS Poinsoning
if args['no-tns-poisoning-check'] == False:
tnspoison = Tnspoison(args)
tnspoison.testAll()
else:
logging.info("Don't check if the target is vulnerable to TNS poisoning because the option --no-tns-poisoning-check is enabled in command line")
#A)SID MANAGEMENT
if args['sid'] == None :
logging.debug("Searching valid SIDs")
validSIDsList = runSIDGuesserModule(args)
args['user'], args['password'] = None, None
else :
validSIDsList = [args['sid']]
if validSIDsList == []:
exit(EXIT_NO_SIDS)
#B)ACCOUNT MANAGEMENT
if args['credentialsFile'] == True :
logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file']))
#Load accounts from file
passwordGuesser = PasswordGuesser(args, args['accounts-file'], loginFile=None ,passwordFile=None, loginAsPwd=args['login-as-pwd'])
validAccountsList = passwordGuesser.getAccountsFromFile()
for aSid in validSIDsList:
for anAccount in validAccountsList:
if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[anAccount[0], anAccount[1]]]
else : connectionInformation[aSid].append([anAccount[0], anAccount[1]])
elif args['user'] == None and args['password'] == None:
for sid in validSIDsList:
args['print'].title("Searching valid accounts on the {0} SID".format(sid))
args['sid'] = sid
if args['accounts-files'][0] != None and args['accounts-files'][1] != None : args['accounts-file'] = None
passwordGuesser = PasswordGuesser(args, accountsFile=args['accounts-file'], loginFile=args['accounts-files'][0], passwordFile=args['accounts-files'][1], timeSleep=args['timeSleep'], loginAsPwd=args['login-as-pwd'])
passwordGuesser.searchValideAccounts()
validAccountsList = passwordGuesser.valideAccounts
if validAccountsList == {}:
args['print'].badNews("No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(args['server'], args['port'], args['sid']))
exit(EXIT_NO_ACCOUNTS)
else :
args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'],getCredentialsFormated(validAccountsList)))
for aLogin, aPassword in validAccountsList.items():
if connectionInformation.has_key(sid) == False: connectionInformation[sid] = [[aLogin,aPassword]]
else : connectionInformation[sid].append([aLogin,aPassword])
else:
validAccountsList = {args['user']:args['password']}
for aSid in validSIDsList:
for aLogin, aPassword in validAccountsList.items():
if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[aLogin,aPassword]]
else : connectionInformation[aSid].append([aLogin,aPassword])
#C)ALL OTHERS MODULES
if sidHasBeenGiven(args) == False : return EXIT_MISS_ARGUMENT
#elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
for aSid in connectionInformation.keys():
for loginAndPass in connectionInformation[aSid]:
args['sid'] , args['user'], args['password'] = aSid, loginAndPass[0],loginAndPass[1]
args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'],args['user'],args['password']))
#INFO ABOUT REMOTE SERVER
info = Info(args)
status = info.connection()
if isinstance(status,Exception):
args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n','')))
break
info.loadInformationRemoteDatabase()
args['info'] = info
#UTL_HTTP
utlHttp = UtlHttp(args)
status = utlHttp.connection()
utlHttp.testAll()
#HTTPURITYPE
httpUriType = HttpUriType(args)
httpUriType.testAll()
#UTL_FILE
utlFile = UtlFile(args)
utlFile.testAll()
#JAVA
java = Java(args)
java.testAll()
#DBMS ADVISOR
dbmsAdvisor = DbmsAdvisor(args)
dbmsAdvisor.testAll()
#DBMS Scheduler
dbmsScheduler = DbmsScheduler(args)
dbmsScheduler.testAll()
#CTXSYS
ctxsys = Ctxsys(args)
ctxsys.testAll()
#Passwords
passwords = Passwords(args)
passwords.testAll()
#DbmsXmldom
dbmsXslprocessor = DbmsXslprocessor(args)
dbmsXslprocessor.testAll()
#External Table
externalTable = ExternalTable(args)
externalTable.testAll()
#Oradbg
oradbg = Oradbg(args)
oradbg.testAll()
#DbmsLob
dbmsLob = DbmsLob(args)
dbmsLob.testAll()
#SMB
smb = SMB(args)
smb.testAll()
#Pribvilege escalation
privilegeEscalation = PrivilegeEscalation(args)
privilegeEscalation.testAll()
#Test some CVE
cve = CVE_XXXX_YYYY(args)
cve.testAll()
cve.close() #Close the socket to the remote database
#CVE_2012_3137
cve = CVE_2012_3137 (args)
cve.testAll()
#usernamelikepassword
args['run'] = True
runUsernameLikePassword(args)
def runAllModules(args):
'''
Run all modules
'''
connectionInformation, validSIDsList = {}, []
#0)TNS Poinsoning
if args['no-tns-poisoning-check'] == False:
tnspoison = Tnspoison(args)
tnspoison.testAll()
else:
logging.info("Don't check if the target is vulnerable to TNS poisoning because the option --no-tns-poisoning-check is enabled in command line")
#A)SID MANAGEMENT
if args['sid'] == None :
logging.debug("Searching valid SIDs")
validSIDsList = runSIDGuesserModule(args)
args['user'], args['password'] = None, None
else :
validSIDsList = [args['sid']]
if validSIDsList == []:
exit(EXIT_NO_SIDS)
#B)ACCOUNT MANAGEMENT
if args['credentialsFile'] == True :
logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file']))
#Load accounts from file
passwordGuesser = PasswordGuesser(args, args['accounts-file'], loginFile=None ,passwordFile=None, loginAsPwd=args['login-as-pwd'])
validAccountsList = passwordGuesser.getAccountsFromFile()
for aSid in validSIDsList:
for anAccount in validAccountsList:
if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[anAccount[0], anAccount[1]]]
else : connectionInformation[aSid].append([anAccount[0], anAccount[1]])
elif args['user'] == None and args['password'] == None:
for sid in validSIDsList:
args['print'].title("Searching valid accounts on the {0} SID".format(sid))
args['sid'] = sid
if args['accounts-files'][0] != None and args['accounts-files'][1] != None : args['accounts-file'] = None
passwordGuesser = PasswordGuesser(args, accountsFile=args['accounts-file'], loginFile=args['accounts-files'][0], passwordFile=args['accounts-files'][1], timeSleep=args['timeSleep'], loginAsPwd=args['login-as-pwd'])
passwordGuesser.searchValideAccounts()
validAccountsList = passwordGuesser.valideAccounts
if validAccountsList == {}:
args['print'].badNews("No found a valid account on {0}:{1}/{2}. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'".format(args['server'], args['port'], args['sid']))
exit(EXIT_NO_ACCOUNTS)
else :
args['print'].goodNews("Accounts found on {0}:{1}/{2}: {3}".format(args['server'], args['port'], args['sid'],getCredentialsFormated(validAccountsList)))
for aLogin, aPassword in validAccountsList.items():
if connectionInformation.has_key(sid) == False: connectionInformation[sid] = [[aLogin,aPassword]]
else : connectionInformation[sid].append([aLogin,aPassword])
else:
validAccountsList = {args['user']:args['password']}
for aSid in validSIDsList:
for aLogin, aPassword in validAccountsList.items():
if connectionInformation.has_key(aSid) == False: connectionInformation[aSid] = [[aLogin,aPassword]]
else : connectionInformation[aSid].append([aLogin,aPassword])
#C)ALL OTHERS MODULES
if sidHasBeenGiven(args) == False : return EXIT_MISS_ARGUMENT
#elif anAccountIsGiven(args) == False : return EXIT_MISS_ARGUMENT
for aSid in connectionInformation.keys():
for loginAndPass in connectionInformation[aSid]:
args['sid'] , args['user'], args['password'] = aSid, loginAndPass[0],loginAndPass[1]
args['print'].title("Testing all modules on the {0} SID with the {1}/{2} account".format(args['sid'],args['user'],args['password']))
#INFO ABOUT REMOTE SERVER
info = Info(args)
status = info.connection()
if isinstance(status,Exception):
args['print'].badNews("Impossible to connect to the remote database: {0}".format(str(status).replace('\n','')))
break
info.loadInformationRemoteDatabase()
args['info'] = info
#UTL_HTTP
utlHttp = UtlHttp(args)
status = utlHttp.connection()
utlHttp.testAll()
#HTTPURITYPE
httpUriType = HttpUriType(args)
httpUriType.testAll()
#UTL_FILE
utlFile = UtlFile(args)
utlFile.testAll()
#JAVA
java = Java(args)
java.testAll()
#DBMS ADVISOR
dbmsAdvisor = DbmsAdvisor(args)
dbmsAdvisor.testAll()
#DBMS Scheduler
dbmsScheduler = DbmsScheduler(args)
dbmsScheduler.testAll()
#CTXSYS
ctxsys = Ctxsys(args)
ctxsys.testAll()
#Passwords
passwords = Passwords(args)
passwords.testAll()
#DbmsXmldom
dbmsXslprocessor = DbmsXslprocessor(args)
dbmsXslprocessor.testAll()
#External Table
externalTable = ExternalTable(args)
externalTable.testAll()
#Oradbg
oradbg = Oradbg(args)
oradbg.testAll()
#DbmsLob
dbmsLob = DbmsLob(args)
dbmsLob.testAll()
#SMB
smb = SMB(args)
smb.testAll()
#Pribvilege escalation
privilegeEscalation = PrivilegeEscalation(args)
privilegeEscalation.testAll()
#Test some CVE
cve = CVE_XXXX_YYYY(args)
cve.testAll()
cve.close() #Close the socket to the remote database
#CVE_2012_3137
cve = CVE_2012_3137 (args)
cve.testAll()
#usernamelikepassword
args['run'] = True
runUsernameLikePassword(args)
