forked from quentinhardy/odat
SIDGuesser.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
from OracleDatabase import OracleDatabase
from time import sleep
from itertools import product
import logging, string
from Tnscmd import Tnscmd
from Constants import *
from Utils import stringToLinePadded
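class SIDGuesser (OracleDatabase):
    '''
    Enumerate the SIDs that an Oracle TNS listener accepts.

    Candidates come from three places: a word list file, the listener's
    own ALIAS values, and an exhaustive walk over a charset. Each
    candidate is tested by attempting a connection and reading the
    returned status: a SID is kept unless the status contains one of the
    strings in NO_GOOD_SID_STRING_LIST.

    NOTE(review): classification is by exclusion, so any status message
    that is not in NO_GOOD_SID_STRING_LIST (for example an unrelated
    network or driver error) is reported as a valid SID. Results should
    be confirmed before they are relied on.

    NOTE(review): every candidate costs one connection attempt (more when
    a retry is triggered). On the server side this presumably appears as
    a run of refused connect requests carrying the listener messages
    listed in NO_GOOD_SID_STRING_LIST, all from the same source - confirm
    against the listener log of the tested instance.
    '''

    def __init__(self, args, SIDFile, timeSleep=0):
        '''
        Build a guesser.

        args: option dictionary handed to OracleDatabase.__init__.
        SIDFile: path of the word list, one SID per line.
        timeSleep: seconds to wait between two candidates.
        '''
        logging.debug("SIDGuesser object created")
        OracleDatabase.__init__(self, args)
        self.SIDFile = SIDFile
        self.sids = []
        self.valideSIDS = []
        # Probe connections never ask for privileged roles.
        # assumes self.args is populated by OracleDatabase.__init__ - TODO confirm
        self.args['SYSDBA'] = False
        self.args['SYSOPER'] = False
        self.timeSleep = timeSleep
        # Status substrings that mean "this SID is not served here".
        self.NO_GOOD_SID_STRING_LIST = [
            "listener does not currently know of service requested",
            "listener does not currently know of SID",
            "connection to server failed",
        ]

    def getValidSIDs(self):
        '''
        Return the list of SIDs recorded as valid so far.
        '''
        return self.valideSIDS

    def appendValideSID (self, sid):
        '''
        Record sid as valid unless it is already in self.valideSIDS.
        '''
        if sid not in self.valideSIDS:
            self.valideSIDS.append(sid)

    def __setUserAndPassword__(self):
        '''
        Fill self.args['user'] and self.args['password'] with two values
        from __generateRandomString__(nb=10).
        '''
        # presumably random 10-character strings; the helper is defined
        # outside this file - TODO confirm
        self.args['user'] = self.__generateRandomString__(nb=10)
        self.args['password'] = self.__generateRandomString__(nb=10)

    def __loadSIDsFromFile__(self):
        '''
        Return the sorted list of SIDs read from self.SIDFile.

        Newlines and tabs are removed from each line. Blank lines are not
        filtered out, so an empty line yields an empty SID.
        '''
        logging.info('Load SIDS stored in the {0} file'.format(self.SIDFile))
        # The context manager closes the file even if reading raises.
        with open(self.SIDFile) as sidFile:
            sids = [line.replace('\n', '').replace('\t', '') for line in sidFile]
        return sorted(sids)

    def __testIfAGoodSID__(self):
        '''
        Try self.args['sid'] and record it when the listener accepts it.

        The candidate is kept when the connection status is not None and
        contains none of the strings in NO_GOOD_SID_STRING_LIST.
        '''
        self.__setUserAndPassword__()
        self.__generateConnectionString__()
        logging.debug("Try to connect with the {0} SID ({1})".format(self.args['sid'],self.args['connectionStr']))
        status = self.connection()
        if self.__needRetryConnection__(status) == True:
            status = self.__retryConnect__(nbTry=4)
        if status is not None:
            message = str(status)
            rejected = any(marker in message for marker in self.NO_GOOD_SID_STRING_LIST)
            if not rejected:
                self.appendValideSID(self.args['sid'])
                logging.info("'{0}' is a valid SID (Server message: {1})".format(self.args['sid'], message))
                self.args['print'].goodNews(stringToLinePadded("'{0}' is a valid SID. Continue... ".format(self.args['sid'])))
        self.close()

    def searchKnownSIDs(self):
        '''
        Test every SID in self.sids after adding the word list to it.

        Always returns True.
        '''
        self.args['print'].subtitle("Searching valid SIDs thanks to a well known SID list on the {0}:{1} server".format(self.args['server'], self.args['port']))
        self.sids += self.__loadSIDsFromFile__()
        pbar = self.getStandardBarStarted(len(self.sids))
        logging.info('Start the research')
        for nb, aSID in enumerate(self.sids, 1):
            pbar.update(nb)
            self.args['sid'] = aSID
            self.__testIfAGoodSID__()
            sleep(self.timeSleep)
        pbar.finish()
        return True

    def bruteforceSIDs(self, size=4, charset=string.ascii_uppercase):
        '''
        Test every string of length size built from charset.

        The number of candidates is len(charset)**size, and each one is a
        connection attempt followed by a sleep of self.timeSleep seconds.
        Always returns True.
        '''
        self.args['print'].subtitle("Searching valid SIDs thanks to a brute-force attack on {2} chars now ({0}:{1})".format(self.args['server'], self.args['port'], size))
        pbar = self.getStandardBarStarted(len(charset)**size)
        logging.info('Start the research')
        for nb, letters in enumerate(product(charset, repeat=size), 1):
            pbar.update(nb)
            self.args['sid'] = ''.join(letters)
            self.__testIfAGoodSID__()
            sleep(self.timeSleep)
        pbar.finish()
        return True

    def loadSidsFromListenerAlias(self):
        '''
        Add the ALIAS values reported by the listener to self.sids so
        that each alias is also tried as a SID.
        '''
        logging.info('Put listener ALIAS into the SID list to try ALIAS like SID')
        tnscmd = Tnscmd(self.args)
        tnscmd.getInformation()
        self.sids += tnscmd.getAlias()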
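def runSIDGuesserModule(args):
    '''
    Run the SIDGuesser module and return the list of valid SIDs found.

    Reads these keys from args: 'print', 'sids-file', 'timeSleep',
    'no-alias-like-sid', 'sids-min-size', 'sids-max-size', 'sid-charset',
    'server' and 'port'.

    The word list (plus the listener aliases, unless disabled) is tried
    first, then every length from 'sids-min-size' to 'sids-max-size'
    inclusive is walked exhaustively over 'sid-charset'.
    '''
    args['print'].title("Searching valid SIDs")
    sIDGuesser = SIDGuesser(args, args['sids-file'], timeSleep=args['timeSleep'])
    # Kept as an explicit comparison: only a value equal to False enables
    # the alias lookup (None, for instance, does not).
    if args['no-alias-like-sid'] == False:
        sIDGuesser.loadSidsFromListenerAlias()
    sIDGuesser.searchKnownSIDs()
    for aSIDSize in range(args['sids-min-size'], args['sids-max-size'] + 1):
        sIDGuesser.bruteforceSIDs(size=aSIDSize, charset=args['sid-charset'])
    validSIDsList = sIDGuesser.getValidSIDs()
    if not validSIDsList:
        # The original message had no placeholders, so the server and port
        # passed to format() were silently dropped.
        args['print'].badNews("No valid SID found on the {0}:{1} server".format(args['server'], args['port']))
    else:
        args['print'].goodNews("SIDs found on the {0}:{1} server: {2}".format(args['server'], args['port'], ','.join(validSIDsList)))
    return validSIDsList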