New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added Teradata ODBC Login and SQL modules and documentation #10109

Merged
merged 1 commit into from Jun 27, 2018

Conversation

Projects
None yet
4 participants
@actuated
Copy link
Contributor

actuated commented May 29, 2018

Adds teradata_odbc_login and teradata_odbc_sql modules and documentation for performing Teradata Database login attacks and running SQL queries.

Requirements

  • Teradata ODBC drivers
  • Python Teradata module

ODBC Driver for Kali Linux 2017.3

  1. Download the Teradata ODBC driver for Ubuntu from downloads.teradata.com.
  2. Refer to the Ubuntu package README for up-to-date instructions.
    1. Install lib32stdc++6 if necessary.
    2. Install the ODBC drivers: dpkg -i [package].deb
    3. Copy /opt/teradata/client/ODBC_64/odbc.ini to /root/.odbc.ini .
      • Or your home directory if not root.
      • Make sure odbc.ini has been renamed to .obdc.ini .

Python Package

pip install teradata

Verification for teradata_odbc_login

  1. Deploy a Teradata Express test environment.
  2. Install the OBCD driver and python package.
  3. Start msfconsole.
  4. Do: use auxiliary/scanner/teradata/teradata_odbc_login
  5. Do: set RHOSTS [IPs]
  6. Do: set USERNAME [username to try]
  7. Do: set PASSWORD [password to try]
    • The default Teradata credentials are the matching username and password 'dbc'.
  8. Do: run
msf > use auxiliary/scanner/teradata/teradata_odbc_login
msf auxiliary(scanner/teradata/teradata_odbc_login) > set RHOSTS 192.168.0.2
RHOSTS => 192.168.0.2
msf auxiliary(scanner/teradata/teradata_odbc_login) > set USERNAME dbc
USERNAME => dbc
msf auxiliary(scanner/teradata/teradata_odbc_login) > set PASSWORD dbc
PASSWORD => dbc
msf auxiliary(scanner/teradata/teradata_odbc_login) > run

[*] Running for 192.168.0.2...
[*] 192.168.0.2:1025 - Creating connection: %s
[*] 192.168.0.2:1025 - Loading ODBC Library: %s
[*] 192.168.0.2:1025 - Method succeeded with info:  [26] 523 24
[*] 192.168.0.2:1025 - Method succeeded with info:  [26] 523 24
[*] 192.168.0.2:1025 - Available drivers: Teradata Database ODBC Driver 16.20, 
[*] 192.168.0.2:1025 - Creating connection using ODBC ConnectString: %s
[*] 192.168.0.2:1025 - Setting AUTOCOMMIT to %s
[*] 192.168.0.2:1025 - FETCH_SIZE: 1
[*] 192.168.0.2:1025 - Buffer size for column %s: %s
[*] 192.168.0.2:1025 - SELECT SESSION returned %s
[*] 192.168.0.2:1025 - Executing query on session %s using SQLExecDirectW: %s
[*] 192.168.0.2:1025 - Committing transaction...
[*] 192.168.0.2:1025 - Created session %s.
[*] 192.168.0.2:1025 - Creating cursor %s for session %s.
[*] 192.168.0.2:1025 - Connection successful. Duration: %.3f seconds. Details: %s
[*] 192.168.0.2:1025 - Closing cursor %s for session %s.
[*] 192.168.0.2:1025 - Closing session %s...
[*] 192.168.0.2:1025 - Session %s closed.
[+] 192.168.0.2:1025 - [1/1] - dbc:dbc - Success
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Verification for teradata_odbc_sql

  1. Deploy a Teradata Express test environment.
  2. Install the OBCD driver and python package.
  3. Start msfconsole.
  4. Do: use auxiliary/admin/teradata/teradata_odbc_sql
  5. Do: set RHOSTS [IPs]
  6. Do: set USERNAME [username to try]
  7. Do: set PASSWORD [password to try]
    • The default Teradata credentials are the matching username and password 'DBC'.
  8. Set a SQL query for the 'SQL' option.
    • The default is SELECT DATABASENAME FROM DBC.DATABASES
  9. Do: run
msf > use auxiliary/admin/teradata/teradata_odbc_sql 
msf auxiliary(admin/teradata/teradata_odbc_sql) > show options

Module options (auxiliary/admin/teradata/teradata_odbc_sql):

   Name      Current Setting                         Required  Description
   ----      ---------------                         --------  -----------
   PASSWORD  dbc                                     yes       Password
   RHOSTS                                            yes       The target address range or CIDR identifier
   SQL       SELECT DATABASENAME FROM DBC.DATABASES  yes       SQL query to perform
   THREADS   1                                       yes       The number of concurrent threads
   USERNAME  dbc                                     yes       Username

msf auxiliary(admin/teradata/teradata_odbc_sql) > set RHOSTS 192.168.0.2
RHOSTS => 192.168.0.2
msf auxiliary(admin/teradata/teradata_odbc_sql) > run

[*] Running for 192.168.0.2...
[*] 192.168.0.2 - dbc:dbc - Starting
[*] 192.168.0.2 - Creating connection: %s
[*] 192.168.0.2 - Loading ODBC Library: %s
[*] 192.168.0.2 - Available drivers: Teradata Database ODBC Driver 16.20, 
[*] 192.168.0.2 - Connection successful. Duration: %.3f seconds. Details: %s
[+] 192.168.0.2 - dbc:dbc - Login Successful
[*] 192.168.0.2 - Starting - SELECT DATABASENAME FROM DBC.DATABASES
[*] 192.168.0.2 - Query Successful. Duration: %.3f seconds,%sQuery: %s%s
[+] 192.168.0.2 - Row 1: [DatabaseUser                  ]
[+] 192.168.0.2 - Row 2: [All                           ]
[+] 192.168.0.2 - Row 3: [SYSJDBC                       ]
[+] 192.168.0.2 - Row 4: [TDStats                       ]
[+] 192.168.0.2 - Row 5: [TD_SYSXML                     ]
[+] 192.168.0.2 - Row 6: [PUBLIC                        ]
[+] 192.168.0.2 - Row 7: [DBC                           ]
[+] 192.168.0.2 - Row 8: [SYSBAR                        ]
[+] 192.168.0.2 - Row 9: [TD_SYSGPL                     ]
[+] 192.168.0.2 - Row 10: [SYSLIB                        ]
[+] 192.168.0.2 - Row 11: [SQLJ                          ]
[+] 192.168.0.2 - Row 12: [LockLogShredder               ]
[+] 192.168.0.2 - Row 13: [Default                       ]
[+] 192.168.0.2 - Row 14: [TDPUSER                       ]
[+] 192.168.0.2 - Row 15: [TD_SYSFNLIB                   ]
[+] 192.168.0.2 - Row 16: [EXTUSER                       ]
[+] 192.168.0.2 - Row 17: [tdwm                          ]
[+] 192.168.0.2 - Row 18: [SystemFe                      ]
[+] 192.168.0.2 - Row 19: [External_AP                   ]
[+] 192.168.0.2 - Row 20: [TDQCD                         ]
[+] 192.168.0.2 - Row 21: [dbcmngr                       ]
[+] 192.168.0.2 - Row 22: [Sys_Calendar                  ]
[+] 192.168.0.2 - Row 23: [SysAdmin                      ]
[+] 192.168.0.2 - Row 24: [TD_SERVER_DB                  ]
[+] 192.168.0.2 - Row 25: [TDMaps                        ]
[+] 192.168.0.2 - Row 26: [SYSUDTLIB                     ]
[+] 192.168.0.2 - Row 27: [Crashdumps                    ]
[+] 192.168.0.2 - Row 28: [SYSSPATIAL                    ]
[+] 192.168.0.2 - Row 29: [MyUser                        ]
[+] 192.168.0.2 - Row 30: [SYSUIF                        ]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

@acammack-r7 acammack-r7 self-assigned this May 29, 2018

@acammack-r7 acammack-r7 merged commit b0d8e93 into rapid7:master Jun 27, 2018

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

acammack-r7 added a commit that referenced this pull request Jun 27, 2018

@acammack-r7

This comment has been minimized.

Copy link
Contributor

acammack-r7 commented Jun 27, 2018

Did a little bit of cleanup:
9d8294f Mark Teradata login scanner executable
8b2bd35 Fixup option references in Teradata SQL
fe8538a Add note about Teradata configuration for OS X
1dbcf0f Cleanup Teradata SQL options
3985191 Add userpass option to Teradata login scanner
ef309e0 Fixup metadata whitespace

msjenkins-r7 added a commit that referenced this pull request Jun 27, 2018

@acammack-r7

This comment has been minimized.

Copy link
Contributor

acammack-r7 commented Jun 27, 2018

Release Notes

Adds a login scanner and SQL query runner for the Teradata database system.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment