Been doing a bit of oracle hacking lately.

I'm happy to announce that thanks to help from MC, I pushed out a oracle_version scanner module today for MSF that uses MC's TNS mixin.

here it is in action:

Code:

msf > use auxiliary/scanner/oracle/oracle_version
msf auxiliary(oracle_version) > info

Name: Oracle Version Enumeration.
Version: $Revision$

Provided by:
CG

Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
RPORT 1521 yes The target port
THREADS 1 yes The number of concurrent threads

Description:
This module simply queries the TNS listner for the Oracle build..

msf auxiliary(oracle_version) > set RHOSTS 192.168.0.0/24
RHOSTS => 192.168.0.0/24
msf auxiliary(oracle_version) > run

[-] The connection timed out (192.168.0.0:1521).
[-] The connection timed out (192.168.0.1:1521).
[-] The connection timed out (192.168.0.2:1521).
[-] The connection timed out (192.168.0.3:1521).
[-] The connection timed out (192.168.0.4:1521).
[-] The connection timed out (192.168.0.5:1521).
[-] The connection timed out (192.168.0.6:1521).
[-] The connection timed out (192.168.0.7:1521).
[-] The connection was refused by the remote host (192.168.0.8:1521).
[-] The connection timed out (192.168.0.9:1521).
[-] The connection timed out (192.168.0.10:1521).
[-] The connection was refused by the remote host (192.168.0.11:1521).
[*] Host 192.168.0.12 is running: 32-bit Windows: Version 10.2.0.1.0 - Production
[-] The connection timed out (192.168.0.13:1521).
[*] Host 192.168.0.14 is running: Linux: Version 10.2.0.1.0 - Production
[-] The connection timed out (192.168.0.15:1521).
[-] The connection timed out (192.168.0.16:1521).
---SNIP---You get the idea---

If you are running the framework trunk, you can svn up and get the aux module as well as MC's 8i TNS overflow exploit.

EH-Net

Columns => Gates => Topic started by: LSOChris on January 07, 2009, 09:26:58 PM