Land #3700, @ringt fix for oracle_login

* Avoid retrying logins when connection cannot be stablished
2015-01-09 22:59:32 -06:00 · 2015-01-09 22:59:32 -06:00 · bedbffa377
parent 6d2bc23a7f 38c36b49fb
commit bedbffa377
1 changed files with 14 additions and 13 deletions
--- a/modules/auxiliary/admin/oracle/oracle_login.rb
+++ b/modules/auxiliary/admin/oracle/oracle_login.rb
@ -44,27 +44,28 @@ class Metasploit3 < Msf::Auxiliary
    print_status("Starting brute force on #{datastore['RHOST']}:#{datastore['RPORT']}...")

    fd = CSV.foreach(list) do |brute|
+      datastore['DBUSER'] = brute[2].downcase
+      datastore['DBPASS'] = brute[3].downcase

-    datastore['DBUSER'] = brute[2].downcase
-    datastore['DBPASS'] = brute[3].downcase
-
-    begin
-      connect
-      disconnect
-    rescue ::OCIError => e
+      begin
+        connect
+        disconnect
+      rescue ::OCIError => e
+        if e.to_s =~ /^ORA-12170:\s/
+          print_error("#{datastore['RHOST']}:#{datastore['RPORT']} Connection timed out")
+          break
+        end
      else
-        if (not e)
-          report_auth_info(
+        report_auth_info(
            :host  => "#{datastore['RHOST']}",
            :port  => "#{datastore['RPORT']}",
            :sname => 'oracle',
            :user  => "#{datastore['SID']}/#{datastore['DBUSER']}",
            :pass  => "#{datastore['DBPASS']}",
            :active => true
-          )
-          print_status("Found user/pass of: #{datastore['DBUSER']}/#{datastore['DBPASS']} on #{datastore['RHOST']} with sid #{datastore['SID']}")
-        end
-    end
+        )
+        print_status("Found user/pass of: #{datastore['DBUSER']}/#{datastore['DBPASS']} on #{datastore['RHOST']} with sid #{datastore['SID']}")
+      end
    end
  end
 end