From 899e7ffe03c98117b3bd20cdd90248183cb55215 Mon Sep 17 00:00:00 2001
From: Alex Verbiest
Date: Sat, 21 Nov 2015 07:15:22 -0800
Subject: [PATCH 1/2] New (third party) Sids added
---
 sids.txt | 262 +++++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 214 insertions(+), 48 deletions(-)
diff --git a/sids.txt b/sids.txt
index 505301d..aaf65bb 100644
--- a/sids.txt
+++ b/sids.txt
@@ -1,53 +1,11 @@
-ORCL
-XE
-ASDB
-IASDB
-OEMREP
-SA0
-SA1
-SA2
-SA3
-SA4
-SA5
-SA6
-SA7
-SA8
-SA9
-SAA
-SAB
-SAC
-SAD
-SAE
-SAF
-SAG
-SAH
-SAI
-SAJ
-SAK
-SAL
-SAM
-SAN
-SAO
-SAP
-SAQ
-SAR
-SAS
-SAT
-SAU
-SAV
-SAW
-SAX
-SAY
-SAZ
-IXOS
-CTM4_0
-CTM4_1
-CTM4_6
-CTM4_6
-ARIS
-MSAM
 ADV1
 ADVCPROD
+AIX10
+AIX11
+AIX9
+APEX
+ARIS
+ASDB
 ASDB0
 ASDB1
 ASDB2
@@ -64,8 +22,13 @@ ASG817T
 ATRPROD
 ATRTEST
 BLA
+BOOKS
 BUDGET
 C630
+CTM4_0
+CTM4_1
+CTM4_6
+CTM4_7
 D
 D10
 D8
@@ -94,6 +57,7 @@ DBX
 DEMO
 DEV
 DEV0
+DEV01
 DEV1
 DEV2
 DEV3
@@ -108,12 +72,15 @@ DIA1
 DIA2
 DIS
 DWH
+DWHDB
 DWHPROD
 DWHTEST
 DWRHS
+EARTH
 ELCARO
 EMRS2
 EOF
+ERP
 ESOR
 FINDEC
 FINPROD
@@ -123,6 +90,11 @@ FPRD
 GR01
 GR02
 GR03
+HCDMO
+HEDGEHOG
+HPUX10
+HPUX11
+HPUX9
 HR
 HR0
 HR1
@@ -135,21 +107,42 @@ HR7
 HR8
 HR9
 HRDMO
+HTMLDB
+IAGTS
+IASDB
 INCD
 ISD01
 ISD06
+ISP
 ISP01
+ISP1
+ISP2
+ISQ1
 ITS
+IXOS
 KRAUS
 KRONOS
 LDAP
+LIN10
+LIN11
+LIN9
 LINUX101
 LINUX1011
 LINUX1012
 LINUX1013
 LINUX1014
+LINUX1015
 LINUX102
 LINUX1021
+LINUX1022
+LINUX1023
+LINUX1024
+LINUX1025
+LINUX111
+LINUX11106
+LINUX11107
+LINUX112
+LINUX11201
 LINUX817
 LINUX8171
 LINUX8172
@@ -164,16 +157,35 @@ LINUX9024
 LINUX9025
 LINUX9026
 LINUX9027
+LINUX9028
+LINUX92
+LINUX9208
 LUN
 MDTEST
+MSAM
+MV713
 MYDB
 NEDB
 NORTHWIND
+OAS
+OAS1
+OAS10
+OAS2
+OAS3
+OAS4
+OAS5
+OAS6
+OAS7
+OAS8
+OAS9
 ODB
+OEMREP
 OGDP
 OID
 OJS
 OMS
+OPENVIEW
+ORA
 ORA1
 ORA10
 ORA101
@@ -213,7 +225,29 @@ ORA1021T
 ORA1022
 ORA1022P
 ORA1022T
+ORA1023
+ORA1023P
+ORA1023T
+ORA1024
+ORA1024P
+ORA1024T
+ORA1025
+ORA1025P
+ORA1025T
+ORA11
+ORA111
+ORA11106
+ORA11107
+ORA112
+ORA11201
+ORA11202
+ORA11G
 ORA2
+ORA3
+ORA4
+ORA5
+ORA6
+ORA7
 ORA8
 ORA805
 ORA806
@@ -236,6 +270,7 @@ ORA8174
 ORA8174P
 ORA8174T
 ORA8_SC
+ORA9
 ORA910
 ORA920
 ORA9201
@@ -259,6 +294,9 @@ ORA9206T
 ORA9207
 ORA9207P
 ORA9207T
+ORA9208
+ORA9208P
+ORA9208T
 ORACL
 ORACLE
 ORADB
@@ -266,9 +304,13 @@ ORADB1
 ORADB2
 ORADB3
 ORALIN
+ORCL
 ORCL0
 ORCL1
 ORCL10
+ORCL10G
+ORCL11
+ORCL11G
 ORCL2
 ORCL3
 ORCL4
@@ -311,11 +353,13 @@ ORCLT
 ORCLU
 ORCLV
 ORCLW
+ORCL.WORLD
 ORCLX
 ORCLY
 ORCLZ
 ORIONDB
 ORTD
+OVO
 P
 P10
 P10G
@@ -337,6 +381,13 @@ PORA1014
 PORA1015
 PORA1021
 PORA1022
+PORA1023
+PORA1024
+PORA1025
+PORA11106
+PORA11107
+PORA11201
+PORA11202
 PORA8170
 PORA8171
 PORA8172
@@ -349,12 +400,16 @@ PORA9204
 PORA9205
 PORA9206
 PORA9207
+PORA9208
 PRD
 PRITXI
 PROD
 PROD0
 PROD1
+PROD10
 PROD10G
+PROD11
+PROD11G
 PROD2
 PROD3
 PROD4
@@ -367,12 +422,16 @@ PROD9
 PROD920
 PROD9I
 PROG10
+QM
+QS
 RAB1
 RAC
 RAC1
 RAC2
 RAC3
 RAC4
+RDB
+RDS
 RECV
 REP
 REP0
@@ -407,6 +466,7 @@ REPOS6
 REPOS7
 REPOS8
 REPOS9
+REPSCAN
 RIPPROD
 RITCTL
 RITDEV
@@ -414,9 +474,34 @@ RITPROD
 RITQA
 RITTRN
 RITTST
+SA0
+SA1
+SA2
+SA3
+SA4
+SA5
+SA6
+SA7
+SA8
+SA9
+SAA
+SAB
+SAC
+SAD
+SAE
+SAF
+SAG
+SAH
+SAI
+SAJ
+SAK
+SAL
 SALES
+SAM
 SAMPLE
+SAN
 SANIPSP
+SAO
 SAP
 SAP0
 SAP1
@@ -429,6 +514,19 @@ SAP7
 SAP8
 SAP9
 SAPHR
+SAQ
+SAR
+SAS
+SAT
+SAU
+SAV
+SAW
+SAX
+SAY
+SAZ
+SDB
+SENTRIGO
+SES
 SGNT
 SID0
 SID1
@@ -440,6 +538,10 @@ SID6
 SID7
 SID8
 SID9
+SIP
+SOL10
+SOL11
+SOL9
 STAG1
 STAG2
 T1
@@ -462,10 +564,14 @@ T91
 T92
 TEST
 TEST10G
+TEST11G
+TEST9I
+TESTORCL
 THUMPER
 TRC28
 TRIUMF
 TSH1
+TSM
 TST
 TST0
 TST1
@@ -483,8 +589,13 @@ UNIX1011
 UNIX1012
 UNIX1013
 UNIX1014
+UNIX1015
 UNIX102
 UNIX1021
+UNIX1022
+UNIX1023
+UNIX1024
+UNIX1025
 UNIX817
 UNIX8171
 UNIX8172
@@ -499,16 +610,30 @@ UNIX9024
 UNIX9025
 UNIX9026
 UNIX9027
+UNIX9028
+V713
 VENOM
 VENU
 VISTA
+VPX
 W101
 W1011
 W1012
 W1013
 W1014
+W1015
 W102
 W1021
+W1022
+W1023
+W1024
+W1025
+W111
+W11102
+W11106
+W11107
+W112
+W11201
 W817
 W8171
 W8172
@@ -523,14 +648,40 @@ W9024
 W9025
 W9026
 W9027
+W9028
+WEB
+WEB1
+WEB10
+WEB2
+WEB3
+WEB4
+WEB5
+WEB6
+WEB7
+WEB8
+WEB9
+WEBDEV
 WG73
 WIN101
 WIN1011
 WIN1012
 WIN1013
 WIN1014
+WIN1015
 WIN102
 WIN1021
+WIN1022
+WIN1023
+WIN1024
+WIN1025
+WIN11
+WIN111
+WIN11106
+WIN11107
+WIN112
+WIN11201
+WIN11202
+WIN7
 WIN817
 WIN8171
 WIN8172
@@ -545,13 +696,26 @@ WIN9024
 WIN9025
 WIN9026
 WIN9027
+WIN9028
 WINDOWS101
 WINDOWS1011
 WINDOWS1012
 WINDOWS1013
 WINDOWS1014
+WINDOWS1015
 WINDOWS102
 WINDOWS1021
+WINDOWS1022
+WINDOWS1023
+WINDOWS1024
+WINDOWS1025
+WINDOWS11
+WINDOWS111
+WINDOWS11106
+WINDOWS11107
+WINDOWS112
+WINDOWS11201
+WINDOWS11202
 WINDOWS817
 WINDOWS8171
 WINDOWS8172
@@ -566,5 +730,7 @@ WINDOWS9024
 WINDOWS9025
 WINDOWS9026
 WINDOWS9027
+WINDOWS9028
+XE
 XEXDB
 XE_XPT
From a3cecd67bbc2d2404f3988ffc64ceae4d911a4d2 Mon Sep 17 00:00:00 2001
From: Alex Verbiest
Date: Sat, 21 Nov 2015 07:41:18 -0800
Subject: [PATCH 2/2] Added minimum SIDs size option for brute force, typo fixes
---
 Constants.py | 7 ++-----
 SIDGuesser.py | 2 +-
 Utils.py | 28 ++++++++++++++--------------
 odat.py | 7 ++++---
 4 files changed, 21 insertions(+), 23 deletions(-)
diff --git a/Constants.py b/Constants.py
index 9d3b8f2..9f7d118 100644
--- a/Constants.py
+++ b/Constants.py
@@ -17,6 +17,7 @@ By Quentin Hardy (quentin.hardy@bt.com or qhardyfr@gmail.com) """ CURRENT_VERSION = "Version 1.6 - 2015/07/14" +DEFAULT_SID_MIN_SIZE = 1 DEFAULT_SID_MAX_SIZE = 2 MAX_HELP_POSITION=60 DEFAULT_SID_FILE = "sids.txt"
@@ -38,18 +39,14 @@ DEFAULT_ENCODING = 'utf8' #SEARCH module PATTERNS_COLUMNS_WITH_PWDS = [ - '%motdepasse%', - '%mot_de_passe%', '%mdp%', '%pwd%', - '%passswd%', - "%password%", + '%pass%', "%contraseña%", "%clave%", "%chiave%", "%пароль%", "%wachtwoord%", - "%Passwort%", "%hasło%", "%senha%", ]
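Review bot: The new `'%pass%'` entry in `PATTERNS_COLUMNS_WITH_PWDS` (hunk `@@ -38,18 +39,14 @@`) is a behaviour change rather than a typo fix, because it is broader than the five patterns it replaces. It matches every column name containing `pass`, so names such as `passport` or `bypass` will now appear in the SEARCH module's results. Whether it still covers the removed `"%Passwort%"` depends on the comparison being case-insensitive, which this hunk does not show. I would add a comment above the entry, e.g. `# '%pass%' replaces password/passswd/Passwort/motdepasse; broad on purpose, expect unrelated hits`, and mention the change in the commit message.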
diff --git a/SIDGuesser.py b/SIDGuesser.py index d9e427c..016e23d 100644 --- a/SIDGuesser.py +++ b/SIDGuesser.py @@ -133,7 +133,7 @@ def runSIDGuesserModule(args): sIDGuesser = SIDGuesser(args,args['sids-file'],timeSleep=args['timeSleep']) if args['no-alias-like-sid'] == False : sIDGuesser.loadSidsFromListenerAlias() sIDGuesser.searchKnownSIDs() - for aSIDSize in range(1, args['sids-max-size']+1): + for aSIDSize in range(args['sids-min-size'], args['sids-max-size']+1): sIDGuesser.bruteforceSIDs(size=aSIDSize, charset=args['sid-charset']) validSIDsList = sIDGuesser.getValidSIDs() if validSIDsList == []: diff --git a/Utils.py b/Utils.py index 2c40ce0..2fa95de 100644 --- a/Utils.py +++ b/Utils.py @@ -113,13 +113,13 @@ def configureLogging(args): def execSystemCmd (cmd): ''' - Execute a commande with popen + Execute a command with popen Return None if an error ''' p = Popen(cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True, shell=True) stdout, stderr = p.communicate() if stderr != "" : - logging.error("Problem when execuritng the command \'{0}\':\n{1}".format(cmd, stderr[:-1])) + logging.error("Problem when executing the command \'{0}\':\n{1}".format(cmd, stderr[:-1])) return None else : if stdout != "" : @@ -132,9 +132,9 @@ def execSystemCmd (cmd): def anAccountIsGiven (args): ''' return True if an account is given in args - Otehrwise, return False - - oeprations muste be a list - - args must be a dictionnary + Otherwise, return False + - operations must be a list + - args must be a dictionary ''' if (args.has_key('user') ==False or args.has_key('password') == False) or (args['user'] == None and args['password'] == None): logging.critical("You must give a valid account with the '-U username' option and the '-P password' option.") 
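Review bot: The new lower bound in `range(args['sids-min-size'], args['sids-max-size']+1)` is used without any check against the upper bound. If `--sids-min-size` is larger than `--sids-max-size` the range is empty and the brute-force phase is skipped without a message, and a value of 0 or below reaches `bruteforceSIDs(size=aSIDSize, ...)` unchecked. I would validate once before the loop with `if not 1 <= args['sids-min-size'] <= args['sids-max-size']:` followed by a `logging.critical(...)` and an early exit, or do the same where the option is defined in odat.py (hunk `@@ -237,6 +237,7 @@`). `runSIDGuesserModule` starts and ends outside this hunk.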
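Review bot: `execSystemCmd` (Utils.py hunk `@@ -113,13 +113,13 @@`) still hands `cmd` to `Popen(..., shell=True)` and decides success only from `stderr != ""`; the spelling fix touches neither. With `shell=True` every fragment a caller puts into `cmd` is interpreted by the shell. A command that only writes a warning to stderr is reported as failed, while a non-zero exit with empty stderr is not. The docstring should state the contract, e.g. `cmd is passed to a shell unmodified; callers must not build it from untrusted values`, and the check would be more reliable as `if p.returncode != 0:`. The callers are not visible here and the function body continues past the end of the hunk.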
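Review bot: The corrected docstring of `anAccountIsGiven` (Utils.py hunk `@@ -132,9 +132,9 @@`) still documents `- operations must be a list`, but the function takes only `args`; the bullet looks copied from `anOperationHasBeenChosen` and should be dropped. The same kind of leftover is in `sidHasBeenGiven` (hunk `@@ -188,10 +188,10 @@`), whose summary says `Return True if an ip has been given` although it checks `args['sid']`. It is also in `checkOptionsGivenByTheUser` (hunk `@@ -200,7 +200,7 @@`), which lists `- args: list` although the helpers it calls use `args` as a dictionary. Suggested wording: `Return True if a SID has been given` and `- args: dictionary`.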
@@ -143,17 +143,17 @@ def anAccountIsGiven (args): logging.critical("You must give a valid account with the '-P password' option.") return False elif args['user'] == None and args['password'] != None: - logging.critical("You must give a valid username thanks to the '-U username' option.") + logging.critical("You must give a valid username with the '-U username' option.") return False else : return True def anOperationHasBeenChosen(args, operations): ''' - Return True if an operation has been choosing. + Return True if an operation has been chosen. Otherwise return False - - oeprations muste be a list - - args must be a dictionnary + - operations must be a list + - args must be a dictionary ''' for key in operations: if args.has_key(key) == True: @@ -167,10 +167,10 @@ def ipOrNameServerHasBeenGiven(args): ''' Return True if an ip or name server has been given Otherwise return False - - args must be a dictionnary + - args must be a dictionary ''' if args.has_key('server') == False or args['server'] == None: - logging.critical("The server addess must be given thanks to the '-s IPadress' option.") + logging.critical("The server address must be given with the '-s IPadress' option.") return False else : try: @@ -188,10 +188,10 @@ def sidHasBeenGiven(args): ''' Return True if an ip has been given Otherwise return False - - args must be a dictionnary + - args must be a dictionary ''' if args.has_key('sid') == False or args['sid'] == None: - logging.critical("The server SID must be given thanks to the '-d SID' option.") + logging.critical("The server SID must be given with the '-d SID' option.") return False return True 
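Review bot: The log message in `ipOrNameServerHasBeenGiven` (hunk `@@ -167,10 +167,10 @@`) still reads `'-s IPadress'` after this pass; it should be `'-s IPaddress'` so the line matches the rest of the corrected text. The same applies to `vulnreable` in the `--no-tns-poisoning-check` help string in odat.py, a context line of hunk `@@ -225,7 +225,7 @@`, which should read `vulnerable`.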
@@ -200,7 +200,7 @@ def checkOptionsGivenByTheUser(args,operationsAllowed,checkAccount=True): Return True if all options are OK Otherwise return False - args: list - - operationsAllowed : opertaions allowed with this module + - operationsAllowed : operations allowed with this module ''' if ipOrNameServerHasBeenGiven(args) == False : return False elif sidHasBeenGiven(args) == False : return False diff --git a/odat.py b/odat.py index f8c0c0a..1a48c5d 100755 --- a/odat.py +++ b/odat.py @@ -80,8 +80,8 @@ def runAllModules(args): else : validSIDsList = [args['sid']] #B)ACCOUNT MANAGEMENT - if args['credentielsFile'] == True : - logging.debug("Loading credentiels stored in the {0} file".format(args['accounts-file'])) + if args['credentialsFile'] == True : + logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file'])) #Load accounts from file passwordGuesser = PasswordGuesser(args, args['accounts-file']) validAccountsList = passwordGuesser.getAccountsFromFile() 
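Review bot: Renaming the key from `credentielsFile` to `credentialsFile` in odat.py (hunk `@@ -80,8 +80,8 @@`) changes the name every reader of `args` has to use. Only `runAllModules` here and the `-C` definition in hunk `@@ -225,7 +225,7 @@` are updated. The diffstat lists four files, so any other module that still reads `args['credentielsFile']` would raise `KeyError` at run time; whether one exists is not visible from this patch. A repository-wide search for the old spelling before merging would settle it. `runAllModules` begins and ends outside this hunk.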
@@ -225,7 +225,7 @@ def main(): #1.3- Parent parser: all option PPallModule = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=MAX_HELP_POSITION)) PPallModule._optionals.title = "all module options" - PPallModule.add_argument('-C', dest='credentielsFile', action='store_true', required=False, default=False, help='use credentiels stored in the --accounts-file file (disable -P and -U)') + PPallModule.add_argument('-C', dest='credentialsFile', action='store_true', required=False, default=False, help='use credentials stored in the --accounts-file file (disable -P and -U)') PPallModule.add_argument('--no-tns-poisoning-check', dest='no-tns-poisoning-check', action='store_true', required=False, default=False, help="don't check if target is vulnreable to TNS poisoning") #1.3- Parent parser: TNS cmd PPTnsCmd = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=MAX_HELP_POSITION)) @@ -237,6 +237,7 @@ def main(): #1.3- Parent parser: SID Guesser PPsidguesser = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=MAX_HELP_POSITION)) PPsidguesser._optionals.title = "SID guesser options" + PPsidguesser.add_argument('--sids-min-size',dest='sids-min-size',required=False, type=int, default=DEFAULT_SID_MIN_SIZE, help='minimum size of SIDs for the bruteforce (default: %(default)s)') PPsidguesser.add_argument('--sids-max-size',dest='sids-max-size',required=False, type=int, default=DEFAULT_SID_MAX_SIZE, help='maximum size of SIDs for the bruteforce (default: %(default)s)') PPsidguesser.add_argument('--sid-charset',dest='sid-charset',required=False, default=DEFAULT_SID_CHARSET, help='charset for the sid bruteforce (default: %(default)s)') PPsidguesser.add_argument('--sids-file',dest='sids-file',required=False,metavar="FILE",default=DEFAULT_SID_FILE, help='file containing SIDs (default: %(default)s)')