From 7f59cf5035613a3bd3e717a045f1de2f1060d632 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Fri, 23 May 2014 15:18:54 -0500
Subject: [PATCH] Ora XID HTTP needn't edit DBUSER (@cellabosm)

Looks like copypasta artifacts. DBUSER and DBPASS aren't ever set as
options in the module, and the module doesn't include MC's
Exploit::ORACLE mixin. It's also from four years ago and doesn't
report_auth or anything useful like that, but that's out of scope for
this branch.
---
 modules/auxiliary/scanner/oracle/xdb_sid_brute.rb | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb b/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb
index bee4244a5e..cac758bf01 100644
--- a/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb
+++ b/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb
@@ -32,7 +32,6 @@ class Metasploit3 < Msf::Auxiliary
           OptString.new('CSVFILE', [ false, 'The file that contains a list of default accounts.', File.join(Msf::Config.install_root, 'data', 'wordlists', 'oracle_default_passwords.csv')]),
           Opt::RPORT(8080),
         ], self.class)
-    deregister_options('DBUSER','DBPASS')
   end
 
   def run_host(ip)
@@ -57,9 +56,9 @@ class Metasploit3 < Msf::Auxiliary
 
     fd = CSV.foreach(list) do |brute|
 
-      datastore['DBUSER'] = brute[2].downcase
-      datastore['DBPASS'] = brute[3].downcase
-      user_pass = "#{datastore['DBUSER']}:#{datastore['DBPASS']}"
+      dbuser = brute[2].downcase
+      dbpass = brute[3].downcase
+      user_pass = "#{dbuser}:#{dbpass}"
 
       res = send_request_raw({
         'uri'     => '/oradb/PUBLIC/GLOBAL_NAME',
@@ -72,7 +71,7 @@ class Metasploit3 < Msf::Auxiliary
       }, 10)
 
       if( not res )
-        vprint_error("Unable to retrieve SID for #{ip}:#{datastore['RPORT']} with #{datastore['DBUSER']} / #{datastore['DBPASS']}...")
+        vprint_error("Unable to retrieve SID for #{ip}:#{datastore['RPORT']} with #{dbuser} / #{dbpass}...")
         next
       end
       if (res.code == 200)
@@ -89,10 +88,10 @@ class Metasploit3 < Msf::Auxiliary
           :data => sid,
           :update => :unique_data
         )
-        print_good("Discovered SID: '#{sid[0]}' for host #{ip}:#{datastore['RPORT']} with #{datastore['DBUSER']} / #{datastore['DBPASS']}")
+        print_good("Discovered SID: '#{sid[0]}' for host #{ip}:#{datastore['RPORT']} with #{dbuser} / #{dbpass}")
         users.push(user_pass)
       else
-        vprint_error("Unable to retrieve SID for #{ip}:#{datastore['RPORT']} with #{datastore['DBUSER']} / #{datastore['DBPASS']}...")
+        vprint_error("Unable to retrieve SID for #{ip}:#{datastore['RPORT']} with #{dbuser} / #{dbpass}...")
       end
     end #fd.each