From fda1083d13916fe30b2752f540bc605d769b7e6b Mon Sep 17 00:00:00 2001 From: HD Moore Date: Fri, 4 Dec 2009 17:22:32 +0000 Subject: [PATCH] Stop throwing an exception on module initialization, delay this until connect() to avoid breaking module enumeration tools. Clean up the tabs and indents. Delete the broken rescue clause with no begin git-svn-id: file:///home/svn/framework3/trunk@7696 4d416f70-5f16-0410-b530-b9f4589650da --- lib/msf/core/exploit/oracle.rb | 58 ++++++++++++++++++++-------------- 1 file changed, 34 insertions(+), 24 deletions(-) diff --git a/lib/msf/core/exploit/oracle.rb b/lib/msf/core/exploit/oracle.rb index 3175becfc2..98ce2da66b 100644 --- a/lib/msf/core/exploit/oracle.rb +++ b/lib/msf/core/exploit/oracle.rb @@ -13,7 +13,7 @@ require 'msf/core' module Msf -module Exploit::ORACLE +module Exploit::ORACLE def initialize(info = {}) @@ -21,38 +21,47 @@ module Exploit::ORACLE register_options( [ - OptString.new('RHOST', [ true, 'The Oracle host.', '']), - OptString.new('RPORT', [ true, 'The TNS port.', '1521']), - OptString.new('SID', [ true, 'The sid to authenticate with.', 'ORCL']), - OptString.new('DBUSER', [ true, 'The username to authenticate with.', 'SCOTT']), - OptString.new('DBPASS', [ true, 'The password to authenticate with.', 'TIGER']), + OptString.new('RHOST', [ true, 'The Oracle host.', '']), + OptString.new('RPORT', [ true, 'The TNS port.', '1521']), + OptString.new('SID', [ true, 'The sid to authenticate with.', 'ORCL']), + OptString.new('DBUSER', [ true, 'The username to authenticate with.', 'SCOTT']), + OptString.new('DBPASS', [ true, 'The password to authenticate with.', 'TIGER']), ], Msf::Exploit::ORACLE ) begin + olang = ENV['NLS_LANG'] + ENV['NLS_LANG'] = 'US-ASCII' require 'oci8' - rescue ::LoadError - print_error("oci8 module not loaded, is installed ok?") - raise RuntimeError, "The oci8 module is not available!" + ENV['NLS_LANG'] = olang + @oci8_loaded = true + rescue ::Exception => e + @oci8_loaded = false + @oci8_error = e end end def connect + if(not @oci8_loaded) + raise RuntimeError, "Could not load the Oracle driver (oci8): #{@oci8_error}" + end + # Create a Connection to the Database if datastore['DBUSER'] == 'SYS' || datastore['DBUSER'] == 'SYSTEM' - handle = OCI8.new(datastore['DBUSER'], - datastore['DBPASS'], - "//#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}", - :SYSDBA) + handle = OCI8.new( + datastore['DBUSER'], + datastore['DBPASS'], + "//#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}", + :SYSDBA + ) else - handle = OCI8.new(datastore['DBUSER'], - datastore['DBPASS'], - "//#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}") + handle = OCI8.new( + datastore['DBUSER'], + datastore['DBPASS'], + "//#{datastore['RHOST']}:#{datastore['RPORT']}/#{datastore['SID']}" + ) end - # 23.11 passing a raise call after the print_error, so we get the error message and the error is passed on in case the module needs it (eg, login_brute) - rescue ::OCIError => e - # print_error("#{e.class} #{e.to_s}") - raise + end def disconnect @@ -69,7 +78,7 @@ module Exploit::ORACLE # DEBUG # print_status("did the parse sploit type is " + sploit.type.to_s) begin - sploit.exec + sploit.exec rescue ::OCIError => e if ( e.to_s =~ /ORA-00942: table or view does not exist/ ) print_status("ORA-00942: table or view does not exist") @@ -83,7 +92,7 @@ module Exploit::ORACLE # Also return types are a little different (some return rows changed so we can used that) # The case statement could probaby be collapsed a bit but leaving it as is for the moment # in case it's useful later... - + # Select Queries case sploit.type when 1, :select_stmt @@ -96,9 +105,9 @@ module Exploit::ORACLE # print_status(str) results << str end - + return results - + # Update Queries when 2, :update_stmt connect.commit @@ -146,3 +155,4 @@ module Exploit::ORACLE end end +