### # # This module provides methods for communicating with a host running oracle. # Dependencies: # - Oracle Instant Client # - ruby-dbi # - ruby-oci8 # ### module Msf module Exploit::ORACLE def initialize(info = {}) super register_options( [ OptString.new('RHOST', [ true, 'The Oracle host.', '']), OptString.new('RPORT', [ true, 'The TNS port.', '1521']), OptString.new('SID', [ true, 'The sid to authenticate with.', 'ORCL']), OptString.new('DBUSER', [ true, 'The username to authenticate with.', 'SCOTT']), OptString.new('DBPASS', [ true, 'The password to authenticate with.', 'TIGER']), ], Msf::Exploit::ORACLE ) begin require 'dbi' @havedbi = true rescue ::LoadError @havedbi = false end def connect if ( not @havedbi ) print_error("The dbi module is not available!") raise RuntimeError, "The dbi module is not available!" end # OSX/Linux if ( ENV['DYLD_LIBRARY_PATH'] =~ /instantclient/ || ENV['LD_LIBRARY_PATH'] =~ /instantclient/ ) else print_error("Oracle Database Instant Client is not available!") raise RuntimeError, "Oracle Database Instant Client is not available!" end begin handle = DBI.connect( "DBI:OCI8://#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}", "#{datastore['DBUSER']}", "#{datastore['DBPASS']}" ) rescue DBI::DatabaseError => e print_error("#{e.to_s}") handle.disconnect_all if handle return end end def disconnect disconnect_all end def prepare_exec(exec) begin sploit = connect.prepare(exec) sploit.execute rescue DBI::DatabaseError => e print_status("#{e.to_s}") return end begin sploit.each do | data | print_status("#{data.join(",").to_s}") end print_status("Done...") sploit.finish rescue DBI::DatabaseError => e #print_error("#{e.to_s}") if ( e.to_s =~ /ORA-24374: define not done before fetch or execute and fetch/ ) print_status("Done...") else return end end end end end end