lib/msf/core/exploit/oracle.rb

###
#
# This module provides methods for communicating with a host running oracle.
# Dependencies:
# 	- Oracle Instant Client
# 	- ruby-dbi
# 	- ruby-oci8
#
###

module Msf
module Exploit::ORACLE 
	
	def initialize(info = {})
		super

		register_options(
			[
			OptString.new('RHOST',  [ true, 'The Oracle host.',                   '']),
			OptString.new('RPORT',  [ true, 'The TNS port.',                      '1521']),
			OptString.new('SID',    [ true, 'The sid to authenticate with.',      'ORCL']),
			OptString.new('DBUSER', [ true, 'The username to authenticate with.', 'SCOTT']),
			OptString.new('DBPASS', [ true, 'The password to authenticate with.', 'TIGER']),
			], Msf::Exploit::ORACLE
		)

		begin
			require 'rubygems'
			gem 'dbi'
			require 'dbi'
			@havedbi = true
		rescue ::LoadError
			@havedbi = false
		end
		
		if(not @havedbi)
			begin
				require 'dbi'
				@havedbi = true
			rescue ::LoadError
				@havedbi = false
			end
		end
	end
	
	def connect
		print_status("Connecting to #{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}...")

		if ( not @havedbi )
			print_error("The dbi module is not available!")
			raise RuntimeError, "The dbi module is not available!"
		end
		

		begin
			handle = DBI.connect(
				"DBI:OCI8://#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}",
				"#{datastore['DBUSER']}",
				"#{datastore['DBPASS']}"
				)
		rescue ::DBI::DatabaseError => e
			print_error("Oracle DB connection failed: #{e.class} #{e.to_s}")
			handle.disconnect_all if handle
			return
		rescue ::Interrupt
			raise $!
		rescue DBI::InterfaceError
			print_error("The Oracle Database Instant Client has not been installed")
			raise RuntimeError, "Missing OCI8 DBI driver"
		end

	end

	def disconnect
		disconnect_all
	end

	def prepare_exec(exec)
		begin
			sploit = connect.prepare(exec)
			sploit.execute
		rescue DBI::DatabaseError => e
			print_status("#{e.to_s}")
			return
		end

		begin
			sploit.each do | data |
			print_status("#{data.join(",").to_s}")	
		end
			print_status("Done...")
			sploit.finish
		rescue DBI::DatabaseError => e
			#print_error("#{e.to_s}")
			if ( e.to_s =~ /ORA-24374: define not done before fetch or execute and fetch/ )
				print_status("Done...")
			else
				return
			end
		end
	end
	
end
end
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00			`###`
			`#`
			`# This module provides methods for communicating with a host running oracle.`
			`# Dependencies:`
			`# - Oracle Instant Client`
			`# - ruby-dbi`
			`# - ruby-oci8`
			`#`
			`###`

			`module Msf`
			`module Exploit::ORACLE`

			`def initialize(info = {})`
			`super`

			`register_options(`
			`[`
bleh.. a bit of tabs vs spaces 2009-10-16 18:27:18 +00:00			`OptString.new('RHOST', [ true, 'The Oracle host.', '']),`
			`OptString.new('RPORT', [ true, 'The TNS port.', '1521']),`
			`OptString.new('SID', [ true, 'The sid to authenticate with.', 'ORCL']),`
			`OptString.new('DBUSER', [ true, 'The username to authenticate with.', 'SCOTT']),`
			`OptString.new('DBPASS', [ true, 'The password to authenticate with.', 'TIGER']),`
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00			`], Msf::Exploit::ORACLE`
			`)`
bleh.. a bit of tabs vs spaces 2009-10-16 18:27:18 +00:00
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00			`begin`
Fixes #322 , hooks the appropriate dbi error, also tries to load dbi via rubygems now 2009-08-27 20:13:37 +00:00			`require 'rubygems'`
			`gem 'dbi'`
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00			`require 'dbi'`
			`@havedbi = true`
			`rescue ::LoadError`
			`@havedbi = false`
			`end`
Fixes #322 , hooks the appropriate dbi error, also tries to load dbi via rubygems now 2009-08-27 20:13:37 +00:00
			`if(not @havedbi)`
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00			`begin`
Fixes #322 , hooks the appropriate dbi error, also tries to load dbi via rubygems now 2009-08-27 20:13:37 +00:00			`require 'dbi'`
			`@havedbi = true`
			`rescue ::LoadError`
			`@havedbi = false`
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00			`end`
			`end`
Fixes #322 , hooks the appropriate dbi error, also tries to load dbi via rubygems now 2009-08-27 20:13:37 +00:00			`end`

			`def connect`
			`print_status("Connecting to #{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}...")`
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00
Fixes #322 , hooks the appropriate dbi error, also tries to load dbi via rubygems now 2009-08-27 20:13:37 +00:00			`if ( not @havedbi )`
			`print_error("The dbi module is not available!")`
			`raise RuntimeError, "The dbi module is not available!"`
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00			`end`
Fixes #322 , hooks the appropriate dbi error, also tries to load dbi via rubygems now 2009-08-27 20:13:37 +00:00
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00
Fixes #322 , hooks the appropriate dbi error, also tries to load dbi via rubygems now 2009-08-27 20:13:37 +00:00			`begin`
			`handle = DBI.connect(`
			`"DBI:OCI8://#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}",`
			`"#{datastore['DBUSER']}",`
			`"#{datastore['DBPASS']}"`
			`)`
			`rescue ::DBI::DatabaseError => e`
			`print_error("Oracle DB connection failed: #{e.class} #{e.to_s}")`
			`handle.disconnect_all if handle`
			`return`
			`rescue ::Interrupt`
			`raise $!`
			`rescue DBI::InterfaceError`
			`print_error("The Oracle Database Instant Client has not been installed")`
			`raise RuntimeError, "Missing OCI8 DBI driver"`
			`end`
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00
Fixes #322 , hooks the appropriate dbi error, also tries to load dbi via rubygems now 2009-08-27 20:13:37 +00:00			`end`

			`def disconnect`
			`disconnect_all`
			`end`

			`def prepare_exec(exec)`
			`begin`
			`sploit = connect.prepare(exec)`
			`sploit.execute`
			`rescue DBI::DatabaseError => e`
			`print_status("#{e.to_s}")`
			`return`
			`end`

			`begin`
			`sploit.each do \| data \|`
			`print_status("#{data.join(",").to_s}")`
			`end`
			`print_status("Done...")`
			`sploit.finish`
			`rescue DBI::DatabaseError => e`
			`#print_error("#{e.to_s}")`
			`if ( e.to_s =~ /ORA-24374: define not done before fetch or execute and fetch/ )`
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00			`print_status("Done...")`
Fixes #322 , hooks the appropriate dbi error, also tries to load dbi via rubygems now 2009-08-27 20:13:37 +00:00			`else`
			`return`
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00			`end`
			`end`
			`end`
Fixes #322 , hooks the appropriate dbi error, also tries to load dbi via rubygems now 2009-08-27 20:13:37 +00:00
addition of oracle mixin and sql client. 2009-07-14 03:55:32 +00:00			`end`
			`end`