Ora XID HTTP needn't edit DBUSER (@cellabosm)

Tod Beardsley · Tod Beardsley · commit 7f59cf503561 · 2014-05-23T15:20:46.000-05:00
Looks like copypasta artifacts. DBUSER and DBPASS aren't ever set as
options in the module, and the module doesn't include MC's
Exploit::ORACLE mixin. It's also from four years ago and doesn't
report_auth or anything useful like that, but that's out of scope for
this branch.
diff --git a/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb b/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb
@@ -32,7 +32,6 @@ def initialize
           OptString.new('CSVFILE', [ false, 'The file that contains a list of default accounts.', File.join(Msf::Config.install_root, 'data', 'wordlists', 'oracle_default_passwords.csv')]),
           Opt::RPORT(8080),
         ], self.class)
-    deregister_options('DBUSER','DBPASS')
   end
 
   def run_host(ip)
@@ -57,9 +56,9 @@ def run_host(ip)
 
     fd = CSV.foreach(list) do |brute|
 
-      datastore['DBUSER'] = brute[2].downcase
-      datastore['DBPASS'] = brute[3].downcase
-      user_pass = "#{datastore['DBUSER']}:#{datastore['DBPASS']}"
+      dbuser = brute[2].downcase
+      dbpass = brute[3].downcase
+      user_pass = "#{dbuser}:#{dbpass}"
 
       res = send_request_raw({
         'uri'     => '/oradb/PUBLIC/GLOBAL_NAME',
@@ -72,7 +71,7 @@ def run_host(ip)
       }, 10)
 
       if( not res )
-        vprint_error("Unable to retrieve SID for #{ip}:#{datastore['RPORT']} with #{datastore['DBUSER']} / #{datastore['DBPASS']}...")
+        vprint_error("Unable to retrieve SID for #{ip}:#{datastore['RPORT']} with #{dbuser} / #{dbpass}...")
         next
       end
       if (res.code == 200)
@@ -89,10 +88,10 @@ def run_host(ip)
           :data => sid,
           :update => :unique_data
         )
-        print_good("Discovered SID: '#{sid[0]}' for host #{ip}:#{datastore['RPORT']} with #{datastore['DBUSER']} / #{datastore['DBPASS']}")
+        print_good("Discovered SID: '#{sid[0]}' for host #{ip}:#{datastore['RPORT']} with #{dbuser} / #{dbpass}")
         users.push(user_pass)
       else
-        vprint_error("Unable to retrieve SID for #{ip}:#{datastore['RPORT']} with #{datastore['DBUSER']} / #{datastore['DBPASS']}...")
+        vprint_error("Unable to retrieve SID for #{ip}:#{datastore['RPORT']} with #{dbuser} / #{dbpass}...")
       end
     end #fd.each
 
