Been doing a bit of oracle hacking lately.
I'm happy to announce that thanks to help from MC, I pushed out a oracle_version scanner module today for MSF that uses MC's TNS mixin.
here it is in action:
msf > use auxiliary/scanner/oracle/oracle_version
msf auxiliary(oracle_version) > info
Name: Oracle Version Enumeration.
Version: $Revision$
Provided by:
CG
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
RPORT 1521 yes The target port
THREADS 1 yes The number of concurrent threads
Description:
This module simply queries the TNS listner for the Oracle build..
msf auxiliary(oracle_version) > set RHOSTS 192.168.0.0/24
RHOSTS => 192.168.0.0/24
msf auxiliary(oracle_version) > run
[-] The connection timed out (192.168.0.0:1521).
[-] The connection timed out (192.168.0.1:1521).
[-] The connection timed out (192.168.0.2:1521).
[-] The connection timed out (192.168.0.3:1521).
[-] The connection timed out (192.168.0.4:1521).
[-] The connection timed out (192.168.0.5:1521).
[-] The connection timed out (192.168.0.6:1521).
[-] The connection timed out (192.168.0.7:1521).
[-] The connection was refused by the remote host (192.168.0.8:1521).
[-] The connection timed out (192.168.0.9:1521).
[-] The connection timed out (192.168.0.10:1521).
[-] The connection was refused by the remote host (192.168.0.11:1521).
[*] Host 192.168.0.12 is running: 32-bit Windows: Version 10.2.0.1.0 - Production
[-] The connection timed out (192.168.0.13:1521).
[*] Host 192.168.0.14 is running: Linux: Version 10.2.0.1.0 - Production
[-] The connection timed out (192.168.0.15:1521).
[-] The connection timed out (192.168.0.16:1521).
---SNIP---You get the idea---
If you are running the framework trunk, you can svn up and get the aux module as well as MC's 8i TNS overflow exploit.
Gates : Chris Gates' Blog RSA Finalist
