Oracle version module for metasploit

    • #3181
      Anonymous
      Participant

      Been doing a bit of Oracle hacking lately.

      I’m happy to announce that thanks to help from MC, I pushed out an oracle_version scanner module today for MSF that uses MC’s TNS mixin.

      Here it is in action:


      msf > use auxiliary/scanner/oracle/oracle_version
      msf auxiliary(oracle_version) > info

      Name: Oracle Version Enumeration.
      Version: $Revision$

      Provided by:
      CG

      Basic options:
      Name     Current Setting  Required  Description
      ----     ---------------  --------  -----------
      RHOSTS                    yes       The target address range or CIDR identifier
      RPORT    1521             yes       The target port
      THREADS  1                yes       The number of concurrent threads

      Description:
      This module simply queries the TNS listner for the Oracle build..

      msf auxiliary(oracle_version) > set RHOSTS 192.168.0.0/24
      RHOSTS => 192.168.0.0/24
      msf auxiliary(oracle_version) > run

      [-] The connection timed out (192.168.0.0:1521).
      [-] The connection timed out (192.168.0.1:1521).
      [-] The connection timed out (192.168.0.2:1521).
      [-] The connection timed out (192.168.0.3:1521).
      [-] The connection timed out (192.168.0.4:1521).
      [-] The connection timed out (192.168.0.5:1521).
      [-] The connection timed out (192.168.0.6:1521).
      [-] The connection timed out (192.168.0.7:1521).
      [-] The connection was refused by the remote host (192.168.0.8:1521).
      [-] The connection timed out (192.168.0.9:1521).
      [-] The connection timed out (192.168.0.10:1521).
      [-] The connection was refused by the remote host (192.168.0.11:1521).
      [*] Host 192.168.0.12 is running: 32-bit Windows: Version 10.2.0.1.0 - Production
      [-] The connection timed out (192.168.0.13:1521).
      [*] Host 192.168.0.14 is running: Linux: Version 10.2.0.1.0 - Production
      [-] The connection timed out (192.168.0.15:1521).
      [-] The connection timed out (192.168.0.16:1521).
      ---SNIP---You get the idea---

      If you are running the framework trunk, you can svn up and get the aux module as well as MC’s 8i TNS overflow exploit.

    • #21229
      jason
      Participant

      Handy. I’ll have to give it a spin  🙂

    • #21230
      BillV
      Participant

      Cool! Nice work Chris

    • #21231
      RoleReversal
      Participant

      Don’t do much Oracle stuff but I’ll need to bear that in mind. Cheers for sharing Chris.
