212dc2f2b0
git-svn-id: file:///home/svn/framework3/trunk@6796 4d416f70-5f16-0410-b530-b9f4589650da
###
#
# This module provides methods for communicating with a host running Oracle.
# Dependencies:
# - Oracle Instant Client
# - ruby-dbi
# - ruby-oci8
#
###

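module Msf
  ###
  #
  # Mixin that opens a DBI/OCI8 session to an Oracle listener using the
  # module's datastore options and runs SQL statements over it.
  #
  ###
  module Exploit::ORACLE

    # Registers the Oracle connection options and records whether ruby-dbi
    # can be loaded.
    #
    # @param info [Hash] module information, passed through to +super+
    def initialize(info = {})
      super

      # DBUSER/DBPASS default to Oracle's sample-schema account (SCOTT/TIGER),
      # which a hardened instance has locked or dropped.
      register_options(
        [
          OptString.new('RHOST', [ true, 'The Oracle host.', '']),
          OptString.new('RPORT', [ true, 'The TNS port.', '1521']),
          OptString.new('SID', [ true, 'The sid to authenticate with.', 'ORCL']),
          OptString.new('DBUSER', [ true, 'The username to authenticate with.', 'SCOTT']),
          OptString.new('DBPASS', [ true, 'The password to authenticate with.', 'TIGER']),
        ], Msf::Exploit::ORACLE
      )

      # ruby-dbi is an optional dependency: remember the outcome here so that
      # connect can fail with a clear message instead of a NameError.
      begin
        require 'dbi'
        @havedbi = true
      rescue ::LoadError
        @havedbi = false
      end
    end

    # Opens a new DBI connection built from RHOST, RPORT, SID, DBUSER and
    # DBPASS. Every call creates a fresh handle; nothing is cached.
    #
    # @return [Object, nil] the handle returned by DBI.connect, or nil when
    #   the database rejected the connection (the error is printed)
    # @raise [RuntimeError] when ruby-dbi could not be loaded or no
    #   "instantclient" directory is on the dynamic loader path
    def connect
      unless @havedbi
        print_error("The dbi module is not available!")
        raise RuntimeError, "The dbi module is not available!"
      end

      # OSX/Linux: only these two loader-path variables are inspected.
      loader_paths = [ENV['DYLD_LIBRARY_PATH'], ENV['LD_LIBRARY_PATH']]
      unless loader_paths.any? { |path| path =~ /instantclient/ }
        print_error("Oracle Database Instant Client is not available!")
        raise RuntimeError, "Oracle Database Instant Client is not available!"
      end

      begin
        DBI.connect(
          "DBI:OCI8://#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}",
          datastore['DBUSER'].to_s,
          datastore['DBPASS'].to_s
        )
      rescue DBI::DatabaseError => e
        # No handle exists when DBI.connect raises, so there is nothing to
        # close here; report the error and signal failure with nil.
        print_error(e.to_s)
        nil
      end
    end

    # Closes every connection DBI currently holds.
    #
    # connect does not keep the handles it returns, so closing them one by one
    # is not possible from here. The bare +disconnect_all+ call this replaces
    # is not defined anywhere in this module; DBI exposes it as a module
    # method.
    def disconnect
      DBI.disconnect_all if @havedbi
    end

    # Prepares and executes one SQL statement on a new connection and prints
    # each returned row as a comma-separated line.
    #
    # @param exec [String] SQL text, handed to the driver unchanged (no bind
    #   variables are used)
    # @return [Object, nil] nil when the connection or the statement failed
    def prepare_exec(exec)
      handle = connect
      # connect returns nil after printing a connection error; stop here
      # rather than call prepare on nil, which would raise NoMethodError past
      # the DBI::DatabaseError handlers below.
      return if handle.nil?

      begin
        sploit = handle.prepare(exec)
        sploit.execute
      rescue DBI::DatabaseError => e
        print_status(e.to_s)
        return
      end

      begin
        sploit.each do |data|
          print_status(data.join(","))
        end
        print_status("Done...")
        sploit.finish
      rescue DBI::DatabaseError => e
        # ORA-24374 is reported as completion rather than failure; presumably
        # it is raised for statements that produce no rows to fetch. Confirm
        # against the OCI8 driver. Any other fetch error ends the call
        # silently.
        if e.to_s =~ /ORA-24374: define not done before fetch or execute and fetch/
          print_status("Done...")
        else
          return
        end
      end
    end

  end
end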