2018-05-29 15:12:43 +00:00
|
|
|
#!/usr/bin/env python2.7
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
#2018-05-09 14-15
|
|
|
|
|
|
|
|
# Standard Modules
|
|
|
|
import logging
|
|
|
|
|
|
|
|
# Extra Modules
|
|
|
|
dependencies_missing = False
|
|
|
|
try:
|
|
|
|
import teradata
|
|
|
|
except ImportError:
|
|
|
|
dependencies_missing = True
|
|
|
|
|
|
|
|
from metasploit import module
|
|
|
|
|
|
|
|
|
|
|
|
# Metasploit Metadata
|
|
|
|
metadata = {
|
|
|
|
'name': 'Teradata ODBC SQL Query Module',
|
|
|
|
'description': '''
|
|
|
|
SQL query module for ODBC connections to local Teradata databases.
|
|
|
|
|
|
|
|
Port specification (TCP 1025 by default) is not necessary for ODBC connections.
|
|
|
|
|
|
|
|
Requires ODBC driver and Python Teradata module.
|
|
|
|
''',
|
|
|
|
'authors': [
|
|
|
|
'Ted Raffle (actuated)'
|
|
|
|
],
|
|
|
|
'date': '2018-03-29',
|
|
|
|
'license': 'MSF_LICENSE',
|
|
|
|
'references': [
|
|
|
|
{'type': 'url', 'ref': 'https://developer.teradata.com/tools/reference/teradata-python-module'},
|
2018-09-13 18:09:01 +00:00
|
|
|
{'type': 'url', 'ref': 'https://downloads.teradata.com/download/connectivity/odbc-driver/linux'}
|
2018-05-29 15:12:43 +00:00
|
|
|
],
|
|
|
|
'type': 'single_scanner',
|
|
|
|
'options': {
|
2018-06-27 20:12:21 +00:00
|
|
|
'rhost': {'type': 'address', 'description': 'Host to target', 'required': True},
|
|
|
|
'rport': {'type': 'port', 'description': 'Port to target, ignored by the ODBC driver', 'required': True, 'default': 1025},
|
|
|
|
'username': {'type': 'string', 'description': 'Username', 'required': True, 'default': 'dbc'},
|
|
|
|
'password': {'type': 'string', 'description': 'Password', 'required': True, 'default': 'dbc'},
|
|
|
|
'sql': {'type': 'string', 'description': 'SQL query to perform', 'required': True, 'default': 'SELECT DATABASENAME FROM DBC.DATABASES'},
|
2018-09-13 18:09:01 +00:00
|
|
|
},
|
|
|
|
'notes': {
|
|
|
|
'AKA': ['Teradata ODBC Authentication Scanner']
|
2018-05-29 15:12:43 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
# Run function
|
|
|
|
def run(args):
|
|
|
|
|
|
|
|
# Define UdaExec ODBC connection "application", must be before LogHandler
|
|
|
|
udaExec = teradata.UdaExec(appName="Auth", version="1.0", logConsole=False, configureLogging=False)
|
|
|
|
|
|
|
|
# Metasploit LogHandler
|
|
|
|
module.LogHandler.setup(msg_prefix='{} - '.format(args['rhost']))
|
|
|
|
|
|
|
|
# Return error for missing dependency
|
|
|
|
if dependencies_missing:
|
|
|
|
logging.error('Python Teradata module missing, cannot continue')
|
|
|
|
return
|
|
|
|
|
|
|
|
# Set variables to current RHOST, and USERNAME and PASSWORD options
|
|
|
|
host = args['rhost']
|
2018-06-27 20:34:29 +00:00
|
|
|
user = args['username']
|
|
|
|
password = args['password']
|
2018-05-29 15:12:43 +00:00
|
|
|
|
|
|
|
# Perform login attempt
|
|
|
|
module.log(host + ' - ' + user + ':' + password + ' - Starting')
|
2018-06-27 20:12:21 +00:00
|
|
|
try:
|
2018-05-29 15:12:43 +00:00
|
|
|
session = udaExec.connect(method="odbc", system=host, username=user, password=password);
|
|
|
|
except teradata.api.Error as e:
|
|
|
|
logging.error(user + ':' + password + ' - ' + format(e))
|
|
|
|
return
|
|
|
|
else:
|
|
|
|
module.log(host + ' - ' + user + ':' + password + ' - Login Successful', level='good')
|
|
|
|
try:
|
2018-06-27 20:34:29 +00:00
|
|
|
query = args['sql']
|
2018-05-29 15:12:43 +00:00
|
|
|
module.log(host + ' - Starting - ' + query)
|
|
|
|
for row in session.execute(query):
|
|
|
|
outputRow=str(row)
|
|
|
|
module.log(host + ' - ' + outputRow, level='good')
|
|
|
|
except teradata.api.Error as e:
|
|
|
|
logging.error(format(e))
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
module.run(metadata, run)
|