Stop throwing an exception on module initialization, delay this until connect() to avoid breaking module enumeration tools. Clean up the tabs and indents. Delete the broken rescue clause with no begin
git-svn-id: file:///home/svn/framework3/trunk@7696 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
5c271db9b5
commit
fda1083d13
|
@ -13,7 +13,7 @@
|
|||
require 'msf/core'
|
||||
|
||||
module Msf
|
||||
module Exploit::ORACLE
|
||||
module Exploit::ORACLE
|
||||
|
||||
|
||||
def initialize(info = {})
|
||||
|
@ -21,38 +21,47 @@ module Exploit::ORACLE
|
|||
|
||||
register_options(
|
||||
[
|
||||
OptString.new('RHOST', [ true, 'The Oracle host.', '']),
|
||||
OptString.new('RPORT', [ true, 'The TNS port.', '1521']),
|
||||
OptString.new('SID', [ true, 'The sid to authenticate with.', 'ORCL']),
|
||||
OptString.new('DBUSER', [ true, 'The username to authenticate with.', 'SCOTT']),
|
||||
OptString.new('DBPASS', [ true, 'The password to authenticate with.', 'TIGER']),
|
||||
OptString.new('RHOST', [ true, 'The Oracle host.', '']),
|
||||
OptString.new('RPORT', [ true, 'The TNS port.', '1521']),
|
||||
OptString.new('SID', [ true, 'The sid to authenticate with.', 'ORCL']),
|
||||
OptString.new('DBUSER', [ true, 'The username to authenticate with.', 'SCOTT']),
|
||||
OptString.new('DBPASS', [ true, 'The password to authenticate with.', 'TIGER']),
|
||||
], Msf::Exploit::ORACLE
|
||||
)
|
||||
|
||||
begin
|
||||
olang = ENV['NLS_LANG']
|
||||
ENV['NLS_LANG'] = 'US-ASCII'
|
||||
require 'oci8'
|
||||
rescue ::LoadError
|
||||
print_error("oci8 module not loaded, is installed ok?")
|
||||
raise RuntimeError, "The oci8 module is not available!"
|
||||
ENV['NLS_LANG'] = olang
|
||||
@oci8_loaded = true
|
||||
rescue ::Exception => e
|
||||
@oci8_loaded = false
|
||||
@oci8_error = e
|
||||
end
|
||||
end
|
||||
|
||||
def connect
|
||||
if(not @oci8_loaded)
|
||||
raise RuntimeError, "Could not load the Oracle driver (oci8): #{@oci8_error}"
|
||||
end
|
||||
|
||||
# Create a Connection to the Database
|
||||
if datastore['DBUSER'] == 'SYS' || datastore['DBUSER'] == 'SYSTEM'
|
||||
handle = OCI8.new(datastore['DBUSER'],
|
||||
datastore['DBPASS'],
|
||||
"//#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}",
|
||||
:SYSDBA)
|
||||
handle = OCI8.new(
|
||||
datastore['DBUSER'],
|
||||
datastore['DBPASS'],
|
||||
"//#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}",
|
||||
:SYSDBA
|
||||
)
|
||||
else
|
||||
handle = OCI8.new(datastore['DBUSER'],
|
||||
datastore['DBPASS'],
|
||||
"//#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}")
|
||||
handle = OCI8.new(
|
||||
datastore['DBUSER'],
|
||||
datastore['DBPASS'],
|
||||
"//#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}"
|
||||
)
|
||||
end
|
||||
# 23.11 passing a raise call after the print_error, so we get the error message and the error is passed on in case the module needs it (eg, login_brute)
|
||||
rescue ::OCIError => e
|
||||
# print_error("#{e.class} #{e.to_s}")
|
||||
raise
|
||||
|
||||
end
|
||||
|
||||
def disconnect
|
||||
|
@ -69,7 +78,7 @@ module Exploit::ORACLE
|
|||
# DEBUG
|
||||
# print_status("did the parse sploit type is " + sploit.type.to_s)
|
||||
begin
|
||||
sploit.exec
|
||||
sploit.exec
|
||||
rescue ::OCIError => e
|
||||
if ( e.to_s =~ /ORA-00942: table or view does not exist/ )
|
||||
print_status("ORA-00942: table or view does not exist")
|
||||
|
@ -83,7 +92,7 @@ module Exploit::ORACLE
|
|||
# Also return types are a little different (some return rows changed so we can used that)
|
||||
# The case statement could probaby be collapsed a bit but leaving it as is for the moment
|
||||
# in case it's useful later...
|
||||
|
||||
|
||||
# Select Queries
|
||||
case sploit.type
|
||||
when 1, :select_stmt
|
||||
|
@ -96,9 +105,9 @@ module Exploit::ORACLE
|
|||
# print_status(str)
|
||||
results << str
|
||||
end
|
||||
|
||||
|
||||
return results
|
||||
|
||||
|
||||
# Update Queries
|
||||
when 2, :update_stmt
|
||||
connect.commit
|
||||
|
@ -146,3 +155,4 @@ module Exploit::ORACLE
|
|||
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue