@@ -42,18 +42,22 @@ def run_host(ip)
4242 send_packet = tns_packet ( "(CONNECT_DATA=(COMMAND=service_register_NSGR))" )
4343 sock . put ( send_packet )
4444 packet = sock . read ( 100 )
45- hex_packet = Rex ::Text . to_hex ( packet , prefix = ':' )
46- split_hex = hex_packet . split ( ":" )
47- find_packet = /\( ERROR_STACK=\( ERROR=/ === packet
48- #find_packet == true ? print_error("#{ip}:#{rport} is not vulnerable ") : print_good("#{ip}:#{rport} is vulnerable")
49- if find_packet == true
50- print_error ( "#{ ip } #{ rport } )
51- elsif split_hex [ 5 ] == "02"
52- print_good ( "#{ ip } #{ rport } )
53- elsif split_hex [ 5 ] == "04"
54- print_error ( "#{ ip } #{ rport } )
45+ if packet != nil
46+ hex_packet = Rex ::Text . to_hex ( packet , prefix = ':' )
47+ split_hex = hex_packet . split ( ":" )
48+ find_packet = /\( ERROR_STACK=\( ERROR=/ === packet
49+ #find_packet == true ? print_error("#{ip}:#{rport} is not vulnerable ") : print_good("#{ip}:#{rport} is vulnerable")
50+ if find_packet == true #TNS Packet returned ERROR
51+ print_error ( "#{ ip } #{ rport } )
52+ elsif split_hex [ 5 ] == "02" #TNS Packet Type: ACCEPT
53+ print_good ( "#{ ip } #{ rport } )
54+ elsif split_hex [ 5 ] == "04" #TNS Packet Type: REFUSE
55+ print_error ( "#{ ip } #{ rport } )
56+ else #All other TNS packet types or non-TNS packet type response cannot guarantee vulnerability
57+ print_error ( "#{ ip } #{ rport } )
58+ end
5559 else
56- print_error ( "#{ ip } #{ rport } might not be vulnerable" )
60+ print_error ( "#{ ip } #{ rport } is not vulnerable" )
5761 end
5862 # TODO: Module should report_vuln if this finding is solid.
5963 rescue ::Rex ::ConnectionError , ::Errno ::EPIPE
0 commit comments