documentation/modules/auxiliary/admin/teradata/teradata_odbc_sql.md

The teradata_odbc_sql module is used to run SQL queries for Teradata databases.

## Vulnerable Application

* Teradata Database
* Teradata Express

Teradata databases can be identified by scanning for TCP port 1025. An Nmap version scan can confirm if the service is recognized as Teradata.

The teradata_odbc_login module can be used to brute-force credentials.

## Extra Requirements

This module requires the Teradata ODBC driver and the Teradata python library.

### ODBC Driver for Kali Linux 2017.3
1. Download the Teradata ODBC driver for Ubuntu from [downloads.teradata.com](https://downloads.teradata.com/download/connectivity/odbc-driver/linux).
2. Refer to the Ubuntu package README for up-to-date instructions.
   1. Install **lib32stdc++6** if necessary.
   2. Install the ODBC drivers: `dpkg -i [package].deb`
   3. Copy **/opt/teradata/client/ODBC_64/odbc.ini** to **/root/.odbc.ini** .
      * Or your home directory if not root.
      * Make sure **odbc.ini** has been renamed to **.obdc.ini** .

### Configuration for OS X

On OS X the Python client needs to be pointed to the ODBC driver manually. Create `~/udaexec.ini` with the following contents:
```ini
[CONFIG]

odbcLibPath=/usr/lib/libiodbc.dylib
```

### Python Package
```
pip install teradata
```
## Verification Steps
1. Deploy a [Teradata Express](https://www.teradata.com/products-and-services/teradata-express) test environment.
2. Install the OBCD driver and python package.
3. Start msfconsole.
4. Do: `use auxiliary/admin/teradata/teradata_odbc_sql`
5. Do: `set RHOSTS [IPs]`
6. Do: `set USERNAME [username to try]`
7. Do: `set PASSWORD [password to try]`
   * The default Teradata credentials are the matching username and password 'DBC'.
8. Set a SQL query for the 'SQL' option.
   * The default is `SELECT DATABASENAME FROM DBC.DATABASES`
9. Do: `run`

```
msf > use auxiliary/admin/teradata/teradata_odbc_sql 
msf auxiliary(admin/teradata/teradata_odbc_sql) > show options

Module options (auxiliary/admin/teradata/teradata_odbc_sql):

   Name      Current Setting                         Required  Description
   ----      ---------------                         --------  -----------
   PASSWORD  dbc                                     yes       Password
   RHOSTS                                            yes       The target address range or CIDR identifier
   SQL       SELECT DATABASENAME FROM DBC.DATABASES  yes       SQL query to perform
   THREADS   1                                       yes       The number of concurrent threads
   USERNAME  dbc                                     yes       Username

msf auxiliary(admin/teradata/teradata_odbc_sql) > set RHOSTS 192.168.0.2
RHOSTS => 192.168.0.2
msf auxiliary(admin/teradata/teradata_odbc_sql) > run

[*] Running for 192.168.0.2...
[*] 192.168.0.2 - dbc:dbc - Starting
[*] 192.168.0.2 - Creating connection: %s
[*] 192.168.0.2 - Loading ODBC Library: %s
[*] 192.168.0.2 - Available drivers: Teradata Database ODBC Driver 16.20, 
[*] 192.168.0.2 - Connection successful. Duration: %.3f seconds. Details: %s
[+] 192.168.0.2 - dbc:dbc - Login Successful
[*] 192.168.0.2 - Starting - SELECT DATABASENAME FROM DBC.DATABASES
[*] 192.168.0.2 - Query Successful. Duration: %.3f seconds,%sQuery: %s%s
[+] 192.168.0.2 - Row 1: [DatabaseUser                  ]
[+] 192.168.0.2 - Row 2: [All                           ]
[+] 192.168.0.2 - Row 3: [SYSJDBC                       ]
[+] 192.168.0.2 - Row 4: [TDStats                       ]
[+] 192.168.0.2 - Row 5: [TD_SYSXML                     ]
[+] 192.168.0.2 - Row 6: [PUBLIC                        ]
[+] 192.168.0.2 - Row 7: [DBC                           ]
[+] 192.168.0.2 - Row 8: [SYSBAR                        ]
[+] 192.168.0.2 - Row 9: [TD_SYSGPL                     ]
[+] 192.168.0.2 - Row 10: [SYSLIB                        ]
[+] 192.168.0.2 - Row 11: [SQLJ                          ]
[+] 192.168.0.2 - Row 12: [LockLogShredder               ]
[+] 192.168.0.2 - Row 13: [Default                       ]
[+] 192.168.0.2 - Row 14: [TDPUSER                       ]
[+] 192.168.0.2 - Row 15: [TD_SYSFNLIB                   ]
[+] 192.168.0.2 - Row 16: [EXTUSER                       ]
[+] 192.168.0.2 - Row 17: [tdwm                          ]
[+] 192.168.0.2 - Row 18: [SystemFe                      ]
[+] 192.168.0.2 - Row 19: [External_AP                   ]
[+] 192.168.0.2 - Row 20: [TDQCD                         ]
[+] 192.168.0.2 - Row 21: [dbcmngr                       ]
[+] 192.168.0.2 - Row 22: [Sys_Calendar                  ]
[+] 192.168.0.2 - Row 23: [SysAdmin                      ]
[+] 192.168.0.2 - Row 24: [TD_SERVER_DB                  ]
[+] 192.168.0.2 - Row 25: [TDMaps                        ]
[+] 192.168.0.2 - Row 26: [SYSUDTLIB                     ]
[+] 192.168.0.2 - Row 27: [Crashdumps                    ]
[+] 192.168.0.2 - Row 28: [SYSSPATIAL                    ]
[+] 192.168.0.2 - Row 29: [MyUser                        ]
[+] 192.168.0.2 - Row 30: [SYSUIF                        ]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
Added Teradata ODBC Login and SQL modules and documentation 2018-05-29 10:12:43 -05:00			`The teradata_odbc_sql module is used to run SQL queries for Teradata databases.`

			`## Vulnerable Application`

			`* Teradata Database`
			`* Teradata Express`

			`Teradata databases can be identified by scanning for TCP port 1025. An Nmap version scan can confirm if the service is recognized as Teradata.`

			`The teradata_odbc_login module can be used to brute-force credentials.`

			`## Extra Requirements`

			`This module requires the Teradata ODBC driver and the Teradata python library.`

			`### ODBC Driver for Kali Linux 2017.3`
			`1. Download the Teradata ODBC driver for Ubuntu from [downloads.teradata.com](https://downloads.teradata.com/download/connectivity/odbc-driver/linux).`
			`2. Refer to the Ubuntu package README for up-to-date instructions.`
			`1. Install lib32stdc++6 if necessary.`
			2. Install the ODBC drivers: `dpkg -i [package].deb`
			`3. Copy /opt/teradata/client/ODBC_64/odbc.ini to /root/.odbc.ini .`
			`* Or your home directory if not root.`
			`* Make sure odbc.ini has been renamed to .obdc.ini .`

Add note about Teradata configuration for OS X 2018-06-27 15:33:50 -05:00			`### Configuration for OS X`

			On OS X the Python client needs to be pointed to the ODBC driver manually. Create `~/udaexec.ini` with the following contents:
			```ini
			`[CONFIG]`

			`odbcLibPath=/usr/lib/libiodbc.dylib`
			```

Added Teradata ODBC Login and SQL modules and documentation 2018-05-29 10:12:43 -05:00			`### Python Package`
			```
			`pip install teradata`
			```
			`## Verification Steps`
			`1. Deploy a [Teradata Express](https://www.teradata.com/products-and-services/teradata-express) test environment.`
			`2. Install the OBCD driver and python package.`
			`3. Start msfconsole.`
			4. Do: `use auxiliary/admin/teradata/teradata_odbc_sql`
			5. Do: `set RHOSTS [IPs]`
			6. Do: `set USERNAME [username to try]`
			7. Do: `set PASSWORD [password to try]`
			`* The default Teradata credentials are the matching username and password 'DBC'.`
			`8. Set a SQL query for the 'SQL' option.`
			* The default is `SELECT DATABASENAME FROM DBC.DATABASES`
			9. Do: `run`

			```
			`msf > use auxiliary/admin/teradata/teradata_odbc_sql`
			`msf auxiliary(admin/teradata/teradata_odbc_sql) > show options`

			`Module options (auxiliary/admin/teradata/teradata_odbc_sql):`

			`Name Current Setting Required Description`
			`---- --------------- -------- -----------`
			`PASSWORD dbc yes Password`
			`RHOSTS yes The target address range or CIDR identifier`
			`SQL SELECT DATABASENAME FROM DBC.DATABASES yes SQL query to perform`
			`THREADS 1 yes The number of concurrent threads`
			`USERNAME dbc yes Username`

			`msf auxiliary(admin/teradata/teradata_odbc_sql) > set RHOSTS 192.168.0.2`
			`RHOSTS => 192.168.0.2`
			`msf auxiliary(admin/teradata/teradata_odbc_sql) > run`

			`[*] Running for 192.168.0.2...`
			`[*] 192.168.0.2 - dbc:dbc - Starting`
			`[*] 192.168.0.2 - Creating connection: %s`
			`[*] 192.168.0.2 - Loading ODBC Library: %s`
			`[*] 192.168.0.2 - Available drivers: Teradata Database ODBC Driver 16.20,`
			`[*] 192.168.0.2 - Connection successful. Duration: %.3f seconds. Details: %s`
			`[+] 192.168.0.2 - dbc:dbc - Login Successful`
			`[*] 192.168.0.2 - Starting - SELECT DATABASENAME FROM DBC.DATABASES`
			`[*] 192.168.0.2 - Query Successful. Duration: %.3f seconds,%sQuery: %s%s`
			`[+] 192.168.0.2 - Row 1: [DatabaseUser ]`
			`[+] 192.168.0.2 - Row 2: [All ]`
			`[+] 192.168.0.2 - Row 3: [SYSJDBC ]`
			`[+] 192.168.0.2 - Row 4: [TDStats ]`
			`[+] 192.168.0.2 - Row 5: [TD_SYSXML ]`
			`[+] 192.168.0.2 - Row 6: [PUBLIC ]`
			`[+] 192.168.0.2 - Row 7: [DBC ]`
			`[+] 192.168.0.2 - Row 8: [SYSBAR ]`
			`[+] 192.168.0.2 - Row 9: [TD_SYSGPL ]`
			`[+] 192.168.0.2 - Row 10: [SYSLIB ]`
			`[+] 192.168.0.2 - Row 11: [SQLJ ]`
			`[+] 192.168.0.2 - Row 12: [LockLogShredder ]`
			`[+] 192.168.0.2 - Row 13: [Default ]`
			`[+] 192.168.0.2 - Row 14: [TDPUSER ]`
			`[+] 192.168.0.2 - Row 15: [TD_SYSFNLIB ]`
			`[+] 192.168.0.2 - Row 16: [EXTUSER ]`
			`[+] 192.168.0.2 - Row 17: [tdwm ]`
			`[+] 192.168.0.2 - Row 18: [SystemFe ]`
			`[+] 192.168.0.2 - Row 19: [External_AP ]`
			`[+] 192.168.0.2 - Row 20: [TDQCD ]`
			`[+] 192.168.0.2 - Row 21: [dbcmngr ]`
			`[+] 192.168.0.2 - Row 22: [Sys_Calendar ]`
			`[+] 192.168.0.2 - Row 23: [SysAdmin ]`
			`[+] 192.168.0.2 - Row 24: [TD_SERVER_DB ]`
			`[+] 192.168.0.2 - Row 25: [TDMaps ]`
			`[+] 192.168.0.2 - Row 26: [SYSUDTLIB ]`
			`[+] 192.168.0.2 - Row 27: [Crashdumps ]`
			`[+] 192.168.0.2 - Row 28: [SYSSPATIAL ]`
			`[+] 192.168.0.2 - Row 29: [MyUser ]`
			`[+] 192.168.0.2 - Row 30: [SYSUIF ]`
			`[*] Scanned 1 of 1 hosts (100% complete)`
			`[*] Auxiliary module execution completed`
			```