infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removed schema features from database hashdump modules 

now that there are dedicated schemadump modules.
unstable
David Maloney 2012-01-28 16:55:39 -06:00
parent 5a095e8ef5
commit ca7aa21202
4 changed files with 5 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
modules/auxiliary/scanner/mssql/mssql_hashdump.rb
View File

@ -30,7 +30,7 @@ class Metasploit3 < Msf::Auxiliary
This module also saves information about the server version and
table names, which can be used to seed the wordlist.
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
'License' => MSF_LICENSE
)
end
@ -48,60 +48,13 @@ class Metasploit3 < Msf::Auxiliary
version = mssql_query(mssql_sql_info())[:rows][0][0]
version_year = version.split('-')[0].slice(/\d\d\d\d/)
#Grab all the DB schema and save it as notes
mssql_db_names = get_db_names()
mssql_schema={}
unless mssql_db_names.nil?
mssql_db_names.each do |dbname|
tmp_tblnames = get_tbl_names(dbname[0])
unless tmp_tblnames.nil?
mssql_schema[dbname]=[]
tmp_tblnames.each{|tblname| mssql_schema[dbname] << tblname[0] unless tblname[0].nil?}
end
end
end
mssql_hashes = mssql_hashdump(version_year)
report_other_data(mssql_schema,{'InstanceName' => instancename, 'Version' => version} ,version_year)
unless mssql_hashes.nil?
report_hashes(mssql_hashes,version_year)
end
end
def report_other_data(mssql_schema,instancename,version_year)
unless mssql_schema.nil?
report_note(
:host => rhost,
:type => "mssql.schema",
:data => mssql_schema,
:port => rport,
:proto => 'tcp',
:update => :unique_data
)
end
unless instancename.nil?
report_note(
:host => rhost,
:type => "mssql.instancename",
:data => instancename
)
end
unless version_year.nil?
report_note(
:host => rhost,
:type => "mssql.version_year",
:data => version_year,
:port => rport,
:proto => 'tcp',
:update => :unique_data
)
end
end
#Stores the grabbed hashes as loot for later cracking
#The hash format is slightly different between 2k and 2k5/2k8
@ -161,20 +114,6 @@ class Metasploit3 < Msf::Auxiliary
end
#Gets all of the Databases on this Instance
def get_db_names
results = mssql_query(mssql_db_names())[:rows]
return results
end
#Gets all the table names for the given DB
def get_tbl_names(db_name)
results = mssql_query("SELECT name FROM #{db_name}..sysobjects WHERE xtype = 'U'")[:rows]
return results
end
end

50
modules/auxiliary/scanner/mysql/mysql_hashdump.rb
View File

@ -26,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
This module extracts the usernames and encrypted password
hashes from a MySQL server and stores them for later cracking.
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
'License' => MSF_LICENSE
)
end
@ -69,21 +69,7 @@ class Metasploit3 < Msf::Auxiliary
report_hashes(tbl.to_csv, this_service) unless tbl.rows.empty?
#Recursively grab the schema for the entire DB server
mysql_schema={}
res = mysql_query("show databases")
if res.size > 0
res.each do |row|
next if row[0].nil?
next if row[0].empty?
next if row[0]== "information_schema"
next if row[0]== "mysql"
next if row[0]== "performance_schema"
next if row[0]== "test"
mysql_schema[row[0]]= get_tbl_names(row[0])
end
end
report_other_data(mysql_schema)
end
#Stores the Hash Table as Loot for Later Cracking
@ -95,37 +81,5 @@ class Metasploit3 < Msf::Auxiliary
end
#Gets all of the Tables names inside the given Database
def get_tbl_names(dbname)
tables=[]
res = mysql_query("SHOW tables from #{dbname}")
if res.size > 0
res.each do |row|
next if row[0].nil?
next if row[0].empty?
tables<<row[0]
end
end
return tables
end
#Saves the Database Schema as Notes for later use.
#Will be used for seeding wordlists when cracking
def report_other_data(mysql_schema)
unless mysql_schema.nil?
report_note(
:host => rhost,
:type => "mysql.schema",
:data => mysql_schema,
:port => rport,
:proto => 'tcp',
:update => :unique_data
)
end
end
end

38
modules/auxiliary/scanner/oracle/oracle_hashdump.rb
View File

@ -27,7 +27,7 @@ class Metasploit3 < Msf::Auxiliary
from Oracle given the proper Credentials and SID.
These are then stored as loot for later cracking.
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
'License' => MSF_LICENSE
)
end
@ -99,32 +99,9 @@ class Metasploit3 < Msf::Auxiliary
end
print_status("Hash table :\n #{tbl}")
report_hashes(tbl.to_csv, is_11g, ip, this_service)
schema= get_schema()
unless schema.nil? or schema.empty?
report_other_data(schema,ip)
end
end
def get_schema
#Grabs the Database and table names for storage
#These names will be sued later to seed wordlists for cracking
query= 'SELECT DISTINCT owner FROM all_tables'
databases= prepare_exec(query)
schema={}
unless databases.empty?
databases.each do |db|
query= "SELECT table_name FROM all_tables where owner=\'#{db}\'"
tables = prepare_exec(query)
unless tables.empty?
schema[db]= tables
end
end
end
return schema
end
def report_hashes(hash_loot, is_11g, ip, service)
#reports the hashes slightly differently depending on the version
@ -140,20 +117,7 @@ class Metasploit3 < Msf::Auxiliary
end
end
def report_other_data(oracle_schema,ip)
unless oracle_schema.nil?
report_note(
:host => ip,
:type => "oracle.schema",
:data => oracle_schema,
:port => datastore['RPORT'],
:proto => 'tcp',
:update => :unique_data
)
end
end
end

2
modules/auxiliary/scanner/postgres/postgres_hashdump.rb
View File

@ -27,7 +27,7 @@ class Metasploit3 < Msf::Auxiliary
This module extracts the usernames and encrypted password
hashes from a Postgres server and stores them for later cracking.
},
'Author' => ['TheLightCosine <thelightcosine[at]gmail.com>'],
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
'License' => MSF_LICENSE
)
register_options([