rubyfu 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/README.md +96 -0
- data/Rakefile +1 -0
- data/_book/beginners.html +1299 -0
- data/_book/contribution.html +1350 -0
- data/_book/contributors/Ruby_Loves_Us.jpg +0 -0
- data/_book/contributors/index.html +1294 -0
- data/_book/contributors/todo.html +1293 -0
- data/_book/cover.jpg +0 -0
- data/_book/faqs/index.html +1308 -0
- data/_book/files/module03/dns_spoofing_dns-query.pcap +0 -0
- data/_book/files/module03/dns_spoofing_dns-req_res.pcap.pcapng +0 -0
- data/_book/files/module06/ftp.pcap +0 -0
- data/_book/files/module06/packets.pcap +0 -0
- data/_book/gitbook/app.js +25001 -0
- data/_book/gitbook/fonts/fontawesome/FontAwesome.otf +0 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.eot +0 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.svg +504 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.ttf +0 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.woff +0 -0
- data/_book/gitbook/images/apple-touch-icon-precomposed-152.png +0 -0
- data/_book/gitbook/images/favicon.ico +0 -0
- data/_book/gitbook/plugins/gitbook-plugin-addcssjs/README.md +19 -0
- data/_book/gitbook/plugins/gitbook-plugin-addcssjs/index.js +57 -0
- data/_book/gitbook/plugins/gitbook-plugin-addcssjs/package.json +47 -0
- data/_book/gitbook/plugins/gitbook-plugin-anchors/plugin.css +26 -0
- data/_book/gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js +30 -0
- data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css +28 -0
- data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js +68 -0
- data/_book/gitbook/plugins/gitbook-plugin-fontsettings/buttons.js +151 -0
- data/_book/gitbook/plugins/gitbook-plugin-fontsettings/website.css +291 -0
- data/_book/gitbook/plugins/gitbook-plugin-highlight/ebook.css +131 -0
- data/_book/gitbook/plugins/gitbook-plugin-highlight/website.css +426 -0
- data/_book/gitbook/plugins/gitbook-plugin-search/lunr.min.js +7 -0
- data/_book/gitbook/plugins/gitbook-plugin-search/search.css +27 -0
- data/_book/gitbook/plugins/gitbook-plugin-search/search.js +135 -0
- data/_book/gitbook/plugins/gitbook-plugin-sharing/buttons.js +93 -0
- data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.css +22 -0
- data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.js +122 -0
- data/_book/gitbook/style.css +9 -0
- data/_book/googlec55db2d603c3da8b.html +1 -0
- data/_book/images/module02/Cryptography__wiringdiagram.png +0 -0
- data/_book/images/module02/packaging__ocra1.png +0 -0
- data/_book/images/module03/dns_spoofing_wireshark1.png +0 -0
- data/_book/images/module03/dns_spoofing_wireshark2.png +0 -0
- data/_book/images/module04/webfu__post_form1.png +0 -0
- data/_book/images/module04/webfu__proxy2.png +0 -0
- data/_book/images/module04/webfu__twitterAPI1.png +0 -0
- data/_book/images/module04/webfu__xmlrpc1.png +0 -0
- data/_book/images/module05/msf_template1.png +0 -0
- data/_book/images/module06/win-foren__winreg1.png +0 -0
- data/_book/images/other/Ruby_Loves_Us.jpg +0 -0
- data/_book/images/other/cover.jpg +0 -0
- data/_book/images/other/cover_small.jpg +0 -0
- data/_book/images/other/logo.png +0 -0
- data/_book/images/other/rubyfu.png +0 -0
- data/_book/images/other/rubyfu1.png +0 -0
- data/_book/images/other/rubyfu3.png +0 -0
- data/_book/images/other/rubyfu4.png +0 -0
- data/_book/images/other/rubyfu_.png +0 -0
- data/_book/index.html +1284 -0
- data/_book/module_0x1__basic_ruby_kung_fu/array.html +1297 -0
- data/_book/module_0x1__basic_ruby_kung_fu/conversion.html +1386 -0
- data/_book/module_0x1__basic_ruby_kung_fu/extraction.html +1346 -0
- data/_book/module_0x1__basic_ruby_kung_fu/index.html +1367 -0
- data/_book/module_0x1__basic_ruby_kung_fu/string.html +1451 -0
- data/_book/module_0x2__system_kung_fu/command_execution.html +1348 -0
- data/_book/module_0x2__system_kung_fu/cryptography.html +1396 -0
- data/_book/module_0x2__system_kung_fu/email.html +1352 -0
- data/_book/module_0x2__system_kung_fu/file_manipulation.html +1371 -0
- data/_book/module_0x2__system_kung_fu/index.html +1557 -0
- data/_book/module_0x2__system_kung_fu/ncatrb.html +1424 -0
- data/_book/module_0x2__system_kung_fu/packaging.md +1 -0
- data/_book/module_0x2__system_kung_fu/packaging__ocra1.png +0 -0
- data/_book/module_0x2__system_kung_fu/parsing_html,_xml,_json.html +1395 -0
- data/_book/module_0x2__system_kung_fu/rce_as_a_service.html +1336 -0
- data/_book/module_0x2__system_kung_fu/smtp_enumeration.html +1308 -0
- data/_book/module_0x2__system_kung_fu/system_shell.html +1299 -0
- data/_book/module_0x2__system_kung_fu/virustotal.html +1318 -0
- data/_book/module_0x3__network_kung_fu/Remote_shell.md +19 -0
- data/_book/module_0x3__network_kung_fu/arp_spoofing.html +1420 -0
- data/_book/module_0x3__network_kung_fu/dns.html +1315 -0
- data/_book/module_0x3__network_kung_fu/dns_bruteforce.md +49 -0
- data/_book/module_0x3__network_kung_fu/dns_enumeration.html +1371 -0
- data/_book/module_0x3__network_kung_fu/dns_spoofing.html +1694 -0
- data/_book/module_0x3__network_kung_fu/dns_spoofing_wireshark2.png +0 -0
- data/_book/module_0x3__network_kung_fu/ftp.html +1287 -0
- data/_book/module_0x3__network_kung_fu/index.html +1392 -0
- data/_book/module_0x3__network_kung_fu/network_scanning.html +1339 -0
- data/_book/module_0x3__network_kung_fu/network_traffic_analysis.html +1356 -0
- data/_book/module_0x3__network_kung_fu/nmap.html +1355 -0
- data/_book/module_0x3__network_kung_fu/oracle_tns_enum1.png +0 -0
- data/_book/module_0x3__network_kung_fu/packet_manipulation.html +1386 -0
- data/_book/module_0x3__network_kung_fu/ruby_socket.html +1553 -0
- data/_book/module_0x3__network_kung_fu/snmp_enumeration.html +1314 -0
- data/_book/module_0x3__network_kung_fu/ssh.html +1461 -0
- data/_book/module_0x3__network_kung_fu/ssid_finder.html +1324 -0
- data/_book/module_0x3__network_kung_fu/tns_enumeration.html +1505 -0
- data/_book/module_0x4__web_kung_fu/browser_manipulation.html +1630 -0
- data/_book/module_0x4__web_kung_fu/databases.html +1531 -0
- data/_book/module_0x4__web_kung_fu/extending_burpsuite.html +1303 -0
- data/_book/module_0x4__web_kung_fu/index.html +1536 -0
- data/_book/module_0x4__web_kung_fu/interacting_with_apis.html +1271 -0
- data/_book/module_0x4__web_kung_fu/ruby2javascript.html +1303 -0
- data/_book/module_0x4__web_kung_fu/sql_injection_scanner.html +1489 -0
- data/_book/module_0x4__web_kung_fu/twitter_api.html +1328 -0
- data/_book/module_0x4__web_kung_fu/web_servcies_and_apis.html +1291 -0
- data/_book/module_0x4__web_kung_fu/web_server_and_proxy.html +1370 -0
- data/_book/module_0x4__web_kung_fu/web_services.html +1394 -0
- data/_book/module_0x4__web_kung_fu/webfu__burp-ext1.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__burp-ext2.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__burp_setenv1.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__proxy2.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__twitterAPI1.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__xmlrpc1.png +0 -0
- data/_book/module_0x4__web_kung_fu/wordpress_api.html +1543 -0
- data/_book/module_0x5__exploitation_kung_fu/MSF-struct.png +0 -0
- data/_book/module_0x5__exploitation_kung_fu/auxiliary_module.html +1870 -0
- data/_book/module_0x5__exploitation_kung_fu/exploit_module.html +1523 -0
- data/_book/module_0x5__exploitation_kung_fu/extensions.html +1466 -0
- data/_book/module_0x5__exploitation_kung_fu/fuzzer.html +1325 -0
- data/_book/module_0x5__exploitation_kung_fu/index.html +1319 -0
- data/_book/module_0x5__exploitation_kung_fu/metasm.html +1322 -0
- data/_book/module_0x5__exploitation_kung_fu/metasploit.html +1441 -0
- data/_book/module_0x5__exploitation_kung_fu/meterpreter.html +1327 -0
- data/_book/module_0x5__exploitation_kung_fu/meterpreter_scripting.html +1318 -0
- data/_book/module_0x5__exploitation_kung_fu/msf_meter_railgun1.png +0 -0
- data/_book/module_0x5__exploitation_kung_fu/msf_template1.png +0 -0
- data/_book/module_0x5__exploitation_kung_fu/railgun_api_extension.html +1300 -0
- data/_book/module_0x6__forensic/android_forensic.html +1356 -0
- data/_book/module_0x6__forensic/index.html +1332 -0
- data/_book/module_0x6__forensic/parsing_log_files.html +1375 -0
- data/_book/module_0x6__forensic/win-foren__winreg1.png +0 -0
- data/_book/module_0x6__forensic/windows_forensic.html +1289 -0
- data/_book/package.json +5 -0
- data/_book/references/index.html +1338 -0
- data/_book/required_gems.html +1342 -0
- data/_book/rubyfu_.png +0 -0
- data/_book/search_index.json +1 -0
- data/_book/styles/ebook.css +1 -0
- data/_book/styles/epub.css +1 -0
- data/_book/styles/header.js +5 -0
- data/_book/styles/mobi.css +1 -0
- data/_book/styles/pdf.css +1 -0
- data/_book/styles/website.css +41 -0
- data/bin/rubyfu +48 -0
- data/lib/rubyfu.rb +36 -0
- data/lib/rubyfu/browse.rb +35 -0
- data/lib/rubyfu/version.rb +3 -0
- data/lib/rubyfu/webserver.rb +30 -0
- metadata +210 -0
@@ -0,0 +1,1505 @@
|
|
1
|
+
<!DOCTYPE HTML>
|
2
|
+
<html lang="en" >
|
3
|
+
|
4
|
+
<head>
|
5
|
+
|
6
|
+
<meta charset="UTF-8">
|
7
|
+
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
|
8
|
+
<title>Oracle TNS Enumeration | RubyFu</title>
|
9
|
+
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
|
10
|
+
<meta name="description" content="">
|
11
|
+
<meta name="generator" content="GitBook 2.6.2">
|
12
|
+
|
13
|
+
|
14
|
+
<meta name="HandheldFriendly" content="true"/>
|
15
|
+
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
|
16
|
+
<meta name="apple-mobile-web-app-capable" content="yes">
|
17
|
+
<meta name="apple-mobile-web-app-status-bar-style" content="black">
|
18
|
+
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
|
19
|
+
<link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
|
20
|
+
|
21
|
+
<link rel="stylesheet" href="../gitbook/style.css">
|
22
|
+
|
23
|
+
|
24
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-anchors/plugin.css">
|
25
|
+
|
26
|
+
|
27
|
+
|
28
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-splitter/splitter.css">
|
29
|
+
|
30
|
+
|
31
|
+
|
32
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css">
|
33
|
+
|
34
|
+
|
35
|
+
|
36
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-highlight/website.css">
|
37
|
+
|
38
|
+
|
39
|
+
|
40
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-search/search.css">
|
41
|
+
|
42
|
+
|
43
|
+
|
44
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-fontsettings/website.css">
|
45
|
+
|
46
|
+
|
47
|
+
|
48
|
+
<link rel="stylesheet" href="../styles/website.css">
|
49
|
+
|
50
|
+
|
51
|
+
|
52
|
+
|
53
|
+
|
54
|
+
<link rel="next" href="../module_0x3__network_kung_fu/packet_manipulation.html" />
|
55
|
+
|
56
|
+
|
57
|
+
<link rel="prev" href="../module_0x3__network_kung_fu/snmp_enumeration.html" />
|
58
|
+
|
59
|
+
|
60
|
+
<script type="text/javascript" src="../styles/header.js"></script>
|
61
|
+
</head>
|
62
|
+
<body>
|
63
|
+
|
64
|
+
|
65
|
+
<div class="book"
|
66
|
+
data-level="3.9"
|
67
|
+
data-chapter-title="Oracle TNS Enumeration"
|
68
|
+
data-filepath="module_0x3__network_kung_fu/tns_enumeration.md"
|
69
|
+
data-basepath=".."
|
70
|
+
data-revision="Wed Jan 27 2016 09:00:51 GMT+0300 (AST)"
|
71
|
+
data-innerlanguage="">
|
72
|
+
|
73
|
+
|
74
|
+
<div class="book-summary">
|
75
|
+
<nav role="navigation">
|
76
|
+
<ul class="summary">
|
77
|
+
|
78
|
+
|
79
|
+
|
80
|
+
|
81
|
+
|
82
|
+
|
83
|
+
|
84
|
+
|
85
|
+
|
86
|
+
<li class="chapter " data-level="0" data-path="index.html">
|
87
|
+
|
88
|
+
|
89
|
+
<a href="../index.html">
|
90
|
+
|
91
|
+
<i class="fa fa-check"></i>
|
92
|
+
|
93
|
+
Module 0x0 | Introduction
|
94
|
+
</a>
|
95
|
+
|
96
|
+
|
97
|
+
<ul class="articles">
|
98
|
+
|
99
|
+
|
100
|
+
<li class="chapter " data-level="0.1" data-path="contribution.html">
|
101
|
+
|
102
|
+
|
103
|
+
<a href="../contribution.html">
|
104
|
+
|
105
|
+
<i class="fa fa-check"></i>
|
106
|
+
|
107
|
+
<b>0.1.</b>
|
108
|
+
|
109
|
+
Contribution
|
110
|
+
</a>
|
111
|
+
|
112
|
+
|
113
|
+
</li>
|
114
|
+
|
115
|
+
<li class="chapter " data-level="0.2" data-path="beginners.html">
|
116
|
+
|
117
|
+
|
118
|
+
<a href="../beginners.html">
|
119
|
+
|
120
|
+
<i class="fa fa-check"></i>
|
121
|
+
|
122
|
+
<b>0.2.</b>
|
123
|
+
|
124
|
+
Beginners
|
125
|
+
</a>
|
126
|
+
|
127
|
+
|
128
|
+
</li>
|
129
|
+
|
130
|
+
<li class="chapter " data-level="0.3" data-path="required_gems.html">
|
131
|
+
|
132
|
+
|
133
|
+
<a href="../required_gems.html">
|
134
|
+
|
135
|
+
<i class="fa fa-check"></i>
|
136
|
+
|
137
|
+
<b>0.3.</b>
|
138
|
+
|
139
|
+
Required Gems
|
140
|
+
</a>
|
141
|
+
|
142
|
+
|
143
|
+
</li>
|
144
|
+
|
145
|
+
|
146
|
+
</ul>
|
147
|
+
|
148
|
+
</li>
|
149
|
+
|
150
|
+
<li class="chapter " data-level="1" data-path="module_0x1__basic_ruby_kung_fu/index.html">
|
151
|
+
|
152
|
+
|
153
|
+
<a href="../module_0x1__basic_ruby_kung_fu/index.html">
|
154
|
+
|
155
|
+
<i class="fa fa-check"></i>
|
156
|
+
|
157
|
+
<b>1.</b>
|
158
|
+
|
159
|
+
Module 0x1 | Basic Ruby Kung Fu
|
160
|
+
</a>
|
161
|
+
|
162
|
+
|
163
|
+
<ul class="articles">
|
164
|
+
|
165
|
+
|
166
|
+
<li class="chapter " data-level="1.1" data-path="module_0x1__basic_ruby_kung_fu/string.html">
|
167
|
+
|
168
|
+
|
169
|
+
<a href="../module_0x1__basic_ruby_kung_fu/string.html">
|
170
|
+
|
171
|
+
<i class="fa fa-check"></i>
|
172
|
+
|
173
|
+
<b>1.1.</b>
|
174
|
+
|
175
|
+
String
|
176
|
+
</a>
|
177
|
+
|
178
|
+
|
179
|
+
<ul class="articles">
|
180
|
+
|
181
|
+
|
182
|
+
<li class="chapter " data-level="1.1.1" data-path="module_0x1__basic_ruby_kung_fu/conversion.html">
|
183
|
+
|
184
|
+
|
185
|
+
<a href="../module_0x1__basic_ruby_kung_fu/conversion.html">
|
186
|
+
|
187
|
+
<i class="fa fa-check"></i>
|
188
|
+
|
189
|
+
<b>1.1.1.</b>
|
190
|
+
|
191
|
+
Conversion
|
192
|
+
</a>
|
193
|
+
|
194
|
+
|
195
|
+
</li>
|
196
|
+
|
197
|
+
<li class="chapter " data-level="1.1.2" data-path="module_0x1__basic_ruby_kung_fu/extraction.html">
|
198
|
+
|
199
|
+
|
200
|
+
<a href="../module_0x1__basic_ruby_kung_fu/extraction.html">
|
201
|
+
|
202
|
+
<i class="fa fa-check"></i>
|
203
|
+
|
204
|
+
<b>1.1.2.</b>
|
205
|
+
|
206
|
+
Extraction
|
207
|
+
</a>
|
208
|
+
|
209
|
+
|
210
|
+
</li>
|
211
|
+
|
212
|
+
|
213
|
+
</ul>
|
214
|
+
|
215
|
+
</li>
|
216
|
+
|
217
|
+
<li class="chapter " data-level="1.2" data-path="module_0x1__basic_ruby_kung_fu/array.html">
|
218
|
+
|
219
|
+
|
220
|
+
<a href="../module_0x1__basic_ruby_kung_fu/array.html">
|
221
|
+
|
222
|
+
<i class="fa fa-check"></i>
|
223
|
+
|
224
|
+
<b>1.2.</b>
|
225
|
+
|
226
|
+
Array
|
227
|
+
</a>
|
228
|
+
|
229
|
+
|
230
|
+
</li>
|
231
|
+
|
232
|
+
|
233
|
+
</ul>
|
234
|
+
|
235
|
+
</li>
|
236
|
+
|
237
|
+
<li class="chapter " data-level="2" data-path="module_0x2__system_kung_fu/index.html">
|
238
|
+
|
239
|
+
|
240
|
+
<a href="../module_0x2__system_kung_fu/index.html">
|
241
|
+
|
242
|
+
<i class="fa fa-check"></i>
|
243
|
+
|
244
|
+
<b>2.</b>
|
245
|
+
|
246
|
+
Module 0x2 | System Kung Fu
|
247
|
+
</a>
|
248
|
+
|
249
|
+
|
250
|
+
<ul class="articles">
|
251
|
+
|
252
|
+
|
253
|
+
<li class="chapter " data-level="2.1" data-path="module_0x2__system_kung_fu/command_execution.html">
|
254
|
+
|
255
|
+
|
256
|
+
<a href="../module_0x2__system_kung_fu/command_execution.html">
|
257
|
+
|
258
|
+
<i class="fa fa-check"></i>
|
259
|
+
|
260
|
+
<b>2.1.</b>
|
261
|
+
|
262
|
+
Command Execution
|
263
|
+
</a>
|
264
|
+
|
265
|
+
|
266
|
+
</li>
|
267
|
+
|
268
|
+
<li class="chapter " data-level="2.2" data-path="module_0x2__system_kung_fu/file_manipulation.html">
|
269
|
+
|
270
|
+
|
271
|
+
<a href="../module_0x2__system_kung_fu/file_manipulation.html">
|
272
|
+
|
273
|
+
<i class="fa fa-check"></i>
|
274
|
+
|
275
|
+
<b>2.2.</b>
|
276
|
+
|
277
|
+
File manipulation
|
278
|
+
</a>
|
279
|
+
|
280
|
+
|
281
|
+
<ul class="articles">
|
282
|
+
|
283
|
+
|
284
|
+
<li class="chapter " data-level="2.2.1" data-path="module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
|
285
|
+
|
286
|
+
|
287
|
+
<a href="../module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
|
288
|
+
|
289
|
+
<i class="fa fa-check"></i>
|
290
|
+
|
291
|
+
<b>2.2.1.</b>
|
292
|
+
|
293
|
+
Parsing HTML, XML, JSON
|
294
|
+
</a>
|
295
|
+
|
296
|
+
|
297
|
+
</li>
|
298
|
+
|
299
|
+
|
300
|
+
</ul>
|
301
|
+
|
302
|
+
</li>
|
303
|
+
|
304
|
+
<li class="chapter " data-level="2.3" data-path="module_0x2__system_kung_fu/cryptography.html">
|
305
|
+
|
306
|
+
|
307
|
+
<a href="../module_0x2__system_kung_fu/cryptography.html">
|
308
|
+
|
309
|
+
<i class="fa fa-check"></i>
|
310
|
+
|
311
|
+
<b>2.3.</b>
|
312
|
+
|
313
|
+
Cryptography
|
314
|
+
</a>
|
315
|
+
|
316
|
+
|
317
|
+
</li>
|
318
|
+
|
319
|
+
<li class="chapter " data-level="2.4" data-path="module_0x2__system_kung_fu/system_shell.html">
|
320
|
+
|
321
|
+
|
322
|
+
<a href="../module_0x2__system_kung_fu/system_shell.html">
|
323
|
+
|
324
|
+
<i class="fa fa-check"></i>
|
325
|
+
|
326
|
+
<b>2.4.</b>
|
327
|
+
|
328
|
+
Remote Shell
|
329
|
+
</a>
|
330
|
+
|
331
|
+
|
332
|
+
<ul class="articles">
|
333
|
+
|
334
|
+
|
335
|
+
<li class="chapter " data-level="2.4.1" data-path="module_0x2__system_kung_fu/ncatrb.html">
|
336
|
+
|
337
|
+
|
338
|
+
<a href="../module_0x2__system_kung_fu/ncatrb.html">
|
339
|
+
|
340
|
+
<i class="fa fa-check"></i>
|
341
|
+
|
342
|
+
<b>2.4.1.</b>
|
343
|
+
|
344
|
+
Ncat.rb
|
345
|
+
</a>
|
346
|
+
|
347
|
+
|
348
|
+
</li>
|
349
|
+
|
350
|
+
<li class="chapter " data-level="2.4.2" data-path="module_0x2__system_kung_fu/rce_as_a_service.html">
|
351
|
+
|
352
|
+
|
353
|
+
<a href="../module_0x2__system_kung_fu/rce_as_a_service.html">
|
354
|
+
|
355
|
+
<i class="fa fa-check"></i>
|
356
|
+
|
357
|
+
<b>2.4.2.</b>
|
358
|
+
|
359
|
+
RCE as a Service
|
360
|
+
</a>
|
361
|
+
|
362
|
+
|
363
|
+
</li>
|
364
|
+
|
365
|
+
|
366
|
+
</ul>
|
367
|
+
|
368
|
+
</li>
|
369
|
+
|
370
|
+
<li class="chapter " data-level="2.5" data-path="module_0x2__system_kung_fu/virustotal.html">
|
371
|
+
|
372
|
+
|
373
|
+
<a href="../module_0x2__system_kung_fu/virustotal.html">
|
374
|
+
|
375
|
+
<i class="fa fa-check"></i>
|
376
|
+
|
377
|
+
<b>2.5.</b>
|
378
|
+
|
379
|
+
VirusTotal
|
380
|
+
</a>
|
381
|
+
|
382
|
+
|
383
|
+
</li>
|
384
|
+
|
385
|
+
|
386
|
+
</ul>
|
387
|
+
|
388
|
+
</li>
|
389
|
+
|
390
|
+
<li class="chapter " data-level="3" data-path="module_0x3__network_kung_fu/index.html">
|
391
|
+
|
392
|
+
|
393
|
+
<a href="../module_0x3__network_kung_fu/index.html">
|
394
|
+
|
395
|
+
<i class="fa fa-check"></i>
|
396
|
+
|
397
|
+
<b>3.</b>
|
398
|
+
|
399
|
+
Module 0x3 | Network Kung Fu
|
400
|
+
</a>
|
401
|
+
|
402
|
+
|
403
|
+
<ul class="articles">
|
404
|
+
|
405
|
+
|
406
|
+
<li class="chapter " data-level="3.1" data-path="module_0x3__network_kung_fu/ruby_socket.html">
|
407
|
+
|
408
|
+
|
409
|
+
<a href="../module_0x3__network_kung_fu/ruby_socket.html">
|
410
|
+
|
411
|
+
<i class="fa fa-check"></i>
|
412
|
+
|
413
|
+
<b>3.1.</b>
|
414
|
+
|
415
|
+
Ruby Socket
|
416
|
+
</a>
|
417
|
+
|
418
|
+
|
419
|
+
</li>
|
420
|
+
|
421
|
+
<li class="chapter " data-level="3.2" data-path="module_0x3__network_kung_fu/ssid_finder.html">
|
422
|
+
|
423
|
+
|
424
|
+
<a href="../module_0x3__network_kung_fu/ssid_finder.html">
|
425
|
+
|
426
|
+
<i class="fa fa-check"></i>
|
427
|
+
|
428
|
+
<b>3.2.</b>
|
429
|
+
|
430
|
+
SSID Finder
|
431
|
+
</a>
|
432
|
+
|
433
|
+
|
434
|
+
</li>
|
435
|
+
|
436
|
+
<li class="chapter " data-level="3.3" data-path="module_0x3__network_kung_fu/ftp.html">
|
437
|
+
|
438
|
+
|
439
|
+
<a href="../module_0x3__network_kung_fu/ftp.html">
|
440
|
+
|
441
|
+
<i class="fa fa-check"></i>
|
442
|
+
|
443
|
+
<b>3.3.</b>
|
444
|
+
|
445
|
+
FTP
|
446
|
+
</a>
|
447
|
+
|
448
|
+
|
449
|
+
</li>
|
450
|
+
|
451
|
+
<li class="chapter " data-level="3.4" data-path="module_0x3__network_kung_fu/ssh.html">
|
452
|
+
|
453
|
+
|
454
|
+
<a href="../module_0x3__network_kung_fu/ssh.html">
|
455
|
+
|
456
|
+
<i class="fa fa-check"></i>
|
457
|
+
|
458
|
+
<b>3.4.</b>
|
459
|
+
|
460
|
+
SSH
|
461
|
+
</a>
|
462
|
+
|
463
|
+
|
464
|
+
</li>
|
465
|
+
|
466
|
+
<li class="chapter " data-level="3.5" data-path="module_0x2__system_kung_fu/email.html">
|
467
|
+
|
468
|
+
|
469
|
+
<a href="../module_0x2__system_kung_fu/email.html">
|
470
|
+
|
471
|
+
<i class="fa fa-check"></i>
|
472
|
+
|
473
|
+
<b>3.5.</b>
|
474
|
+
|
475
|
+
Email
|
476
|
+
</a>
|
477
|
+
|
478
|
+
|
479
|
+
<ul class="articles">
|
480
|
+
|
481
|
+
|
482
|
+
<li class="chapter " data-level="3.5.1" data-path="module_0x2__system_kung_fu/smtp_enumeration.html">
|
483
|
+
|
484
|
+
|
485
|
+
<a href="../module_0x2__system_kung_fu/smtp_enumeration.html">
|
486
|
+
|
487
|
+
<i class="fa fa-check"></i>
|
488
|
+
|
489
|
+
<b>3.5.1.</b>
|
490
|
+
|
491
|
+
SMTP Enumeration
|
492
|
+
</a>
|
493
|
+
|
494
|
+
|
495
|
+
</li>
|
496
|
+
|
497
|
+
|
498
|
+
</ul>
|
499
|
+
|
500
|
+
</li>
|
501
|
+
|
502
|
+
<li class="chapter " data-level="3.6" data-path="module_0x3__network_kung_fu/network_scanning.html">
|
503
|
+
|
504
|
+
|
505
|
+
<a href="../module_0x3__network_kung_fu/network_scanning.html">
|
506
|
+
|
507
|
+
<i class="fa fa-check"></i>
|
508
|
+
|
509
|
+
<b>3.6.</b>
|
510
|
+
|
511
|
+
Network Scanning
|
512
|
+
</a>
|
513
|
+
|
514
|
+
|
515
|
+
<ul class="articles">
|
516
|
+
|
517
|
+
|
518
|
+
<li class="chapter " data-level="3.6.1" data-path="module_0x3__network_kung_fu/nmap.html">
|
519
|
+
|
520
|
+
|
521
|
+
<a href="../module_0x3__network_kung_fu/nmap.html">
|
522
|
+
|
523
|
+
<i class="fa fa-check"></i>
|
524
|
+
|
525
|
+
<b>3.6.1.</b>
|
526
|
+
|
527
|
+
Nmap
|
528
|
+
</a>
|
529
|
+
|
530
|
+
|
531
|
+
</li>
|
532
|
+
|
533
|
+
|
534
|
+
</ul>
|
535
|
+
|
536
|
+
</li>
|
537
|
+
|
538
|
+
<li class="chapter " data-level="3.7" data-path="module_0x3__network_kung_fu/dns.html">
|
539
|
+
|
540
|
+
|
541
|
+
<a href="../module_0x3__network_kung_fu/dns.html">
|
542
|
+
|
543
|
+
<i class="fa fa-check"></i>
|
544
|
+
|
545
|
+
<b>3.7.</b>
|
546
|
+
|
547
|
+
DNS
|
548
|
+
</a>
|
549
|
+
|
550
|
+
|
551
|
+
<ul class="articles">
|
552
|
+
|
553
|
+
|
554
|
+
<li class="chapter " data-level="3.7.1" data-path="module_0x3__network_kung_fu/dns_enumeration.html">
|
555
|
+
|
556
|
+
|
557
|
+
<a href="../module_0x3__network_kung_fu/dns_enumeration.html">
|
558
|
+
|
559
|
+
<i class="fa fa-check"></i>
|
560
|
+
|
561
|
+
<b>3.7.1.</b>
|
562
|
+
|
563
|
+
DNS Enumeration
|
564
|
+
</a>
|
565
|
+
|
566
|
+
|
567
|
+
</li>
|
568
|
+
|
569
|
+
|
570
|
+
</ul>
|
571
|
+
|
572
|
+
</li>
|
573
|
+
|
574
|
+
<li class="chapter " data-level="3.8" data-path="module_0x3__network_kung_fu/snmp_enumeration.html">
|
575
|
+
|
576
|
+
|
577
|
+
<a href="../module_0x3__network_kung_fu/snmp_enumeration.html">
|
578
|
+
|
579
|
+
<i class="fa fa-check"></i>
|
580
|
+
|
581
|
+
<b>3.8.</b>
|
582
|
+
|
583
|
+
SNMP Enumeration
|
584
|
+
</a>
|
585
|
+
|
586
|
+
|
587
|
+
</li>
|
588
|
+
|
589
|
+
<li class="chapter active" data-level="3.9" data-path="module_0x3__network_kung_fu/tns_enumeration.html">
|
590
|
+
|
591
|
+
|
592
|
+
<a href="../module_0x3__network_kung_fu/tns_enumeration.html">
|
593
|
+
|
594
|
+
<i class="fa fa-check"></i>
|
595
|
+
|
596
|
+
<b>3.9.</b>
|
597
|
+
|
598
|
+
Oracle TNS Enumeration
|
599
|
+
</a>
|
600
|
+
|
601
|
+
|
602
|
+
</li>
|
603
|
+
|
604
|
+
<li class="chapter " data-level="3.10" data-path="module_0x3__network_kung_fu/packet_manipulation.html">
|
605
|
+
|
606
|
+
|
607
|
+
<a href="../module_0x3__network_kung_fu/packet_manipulation.html">
|
608
|
+
|
609
|
+
<i class="fa fa-check"></i>
|
610
|
+
|
611
|
+
<b>3.10.</b>
|
612
|
+
|
613
|
+
Packet manipulation
|
614
|
+
</a>
|
615
|
+
|
616
|
+
|
617
|
+
<ul class="articles">
|
618
|
+
|
619
|
+
|
620
|
+
<li class="chapter " data-level="3.10.1" data-path="module_0x3__network_kung_fu/arp_spoofing.html">
|
621
|
+
|
622
|
+
|
623
|
+
<a href="../module_0x3__network_kung_fu/arp_spoofing.html">
|
624
|
+
|
625
|
+
<i class="fa fa-check"></i>
|
626
|
+
|
627
|
+
<b>3.10.1.</b>
|
628
|
+
|
629
|
+
ARP Spoofing
|
630
|
+
</a>
|
631
|
+
|
632
|
+
|
633
|
+
</li>
|
634
|
+
|
635
|
+
<li class="chapter " data-level="3.10.2" data-path="module_0x3__network_kung_fu/dns_spoofing.html">
|
636
|
+
|
637
|
+
|
638
|
+
<a href="../module_0x3__network_kung_fu/dns_spoofing.html">
|
639
|
+
|
640
|
+
<i class="fa fa-check"></i>
|
641
|
+
|
642
|
+
<b>3.10.2.</b>
|
643
|
+
|
644
|
+
DNS Spoofing
|
645
|
+
</a>
|
646
|
+
|
647
|
+
|
648
|
+
</li>
|
649
|
+
|
650
|
+
|
651
|
+
</ul>
|
652
|
+
|
653
|
+
</li>
|
654
|
+
|
655
|
+
|
656
|
+
</ul>
|
657
|
+
|
658
|
+
</li>
|
659
|
+
|
660
|
+
<li class="chapter " data-level="4" data-path="module_0x4__web_kung_fu/index.html">
|
661
|
+
|
662
|
+
|
663
|
+
<a href="../module_0x4__web_kung_fu/index.html">
|
664
|
+
|
665
|
+
<i class="fa fa-check"></i>
|
666
|
+
|
667
|
+
<b>4.</b>
|
668
|
+
|
669
|
+
Module 0x4 | Web Kung Fu
|
670
|
+
</a>
|
671
|
+
|
672
|
+
|
673
|
+
<ul class="articles">
|
674
|
+
|
675
|
+
|
676
|
+
<li class="chapter " data-level="4.1" data-path="module_0x4__web_kung_fu/sql_injection_scanner.html">
|
677
|
+
|
678
|
+
|
679
|
+
<a href="../module_0x4__web_kung_fu/sql_injection_scanner.html">
|
680
|
+
|
681
|
+
<i class="fa fa-check"></i>
|
682
|
+
|
683
|
+
<b>4.1.</b>
|
684
|
+
|
685
|
+
SQL Injection Scanner
|
686
|
+
</a>
|
687
|
+
|
688
|
+
|
689
|
+
</li>
|
690
|
+
|
691
|
+
<li class="chapter " data-level="4.2" data-path="module_0x4__web_kung_fu/databases.html">
|
692
|
+
|
693
|
+
|
694
|
+
<a href="../module_0x4__web_kung_fu/databases.html">
|
695
|
+
|
696
|
+
<i class="fa fa-check"></i>
|
697
|
+
|
698
|
+
<b>4.2.</b>
|
699
|
+
|
700
|
+
Databases
|
701
|
+
</a>
|
702
|
+
|
703
|
+
|
704
|
+
</li>
|
705
|
+
|
706
|
+
<li class="chapter " data-level="4.3" data-path="module_0x4__web_kung_fu/extending_burpsuite.html">
|
707
|
+
|
708
|
+
|
709
|
+
<a href="../module_0x4__web_kung_fu/extending_burpsuite.html">
|
710
|
+
|
711
|
+
<i class="fa fa-check"></i>
|
712
|
+
|
713
|
+
<b>4.3.</b>
|
714
|
+
|
715
|
+
Extending Burp Suite
|
716
|
+
</a>
|
717
|
+
|
718
|
+
|
719
|
+
</li>
|
720
|
+
|
721
|
+
<li class="chapter " data-level="4.4" data-path="module_0x4__web_kung_fu/browser_manipulation.html">
|
722
|
+
|
723
|
+
|
724
|
+
<a href="../module_0x4__web_kung_fu/browser_manipulation.html">
|
725
|
+
|
726
|
+
<i class="fa fa-check"></i>
|
727
|
+
|
728
|
+
<b>4.4.</b>
|
729
|
+
|
730
|
+
Browser Manipulation
|
731
|
+
</a>
|
732
|
+
|
733
|
+
|
734
|
+
</li>
|
735
|
+
|
736
|
+
<li class="chapter " data-level="4.5" data-path="module_0x4__web_kung_fu/web_servcies_and_apis.html">
|
737
|
+
|
738
|
+
|
739
|
+
<a href="../module_0x4__web_kung_fu/web_servcies_and_apis.html">
|
740
|
+
|
741
|
+
<i class="fa fa-check"></i>
|
742
|
+
|
743
|
+
<b>4.5.</b>
|
744
|
+
|
745
|
+
Web Services and APIs
|
746
|
+
</a>
|
747
|
+
|
748
|
+
|
749
|
+
<ul class="articles">
|
750
|
+
|
751
|
+
|
752
|
+
<li class="chapter " data-level="4.5.1" data-path="module_0x4__web_kung_fu/web_services.html">
|
753
|
+
|
754
|
+
|
755
|
+
<a href="../module_0x4__web_kung_fu/web_services.html">
|
756
|
+
|
757
|
+
<i class="fa fa-check"></i>
|
758
|
+
|
759
|
+
<b>4.5.1.</b>
|
760
|
+
|
761
|
+
Interacting with Web Services
|
762
|
+
</a>
|
763
|
+
|
764
|
+
|
765
|
+
</li>
|
766
|
+
|
767
|
+
<li class="chapter " data-level="4.5.2" data-path="module_0x4__web_kung_fu/interacting_with_apis.html">
|
768
|
+
|
769
|
+
|
770
|
+
<a href="../module_0x4__web_kung_fu/interacting_with_apis.html">
|
771
|
+
|
772
|
+
<i class="fa fa-check"></i>
|
773
|
+
|
774
|
+
<b>4.5.2.</b>
|
775
|
+
|
776
|
+
Interacting with APIs
|
777
|
+
</a>
|
778
|
+
|
779
|
+
|
780
|
+
<ul class="articles">
|
781
|
+
|
782
|
+
|
783
|
+
<li class="chapter " data-level="4.5.2.1" data-path="module_0x4__web_kung_fu/wordpress_api.html">
|
784
|
+
|
785
|
+
|
786
|
+
<a href="../module_0x4__web_kung_fu/wordpress_api.html">
|
787
|
+
|
788
|
+
<i class="fa fa-check"></i>
|
789
|
+
|
790
|
+
<b>4.5.2.1.</b>
|
791
|
+
|
792
|
+
WordPress API
|
793
|
+
</a>
|
794
|
+
|
795
|
+
|
796
|
+
</li>
|
797
|
+
|
798
|
+
<li class="chapter " data-level="4.5.2.2" data-path="module_0x4__web_kung_fu/twitter_api.html">
|
799
|
+
|
800
|
+
|
801
|
+
<a href="../module_0x4__web_kung_fu/twitter_api.html">
|
802
|
+
|
803
|
+
<i class="fa fa-check"></i>
|
804
|
+
|
805
|
+
<b>4.5.2.2.</b>
|
806
|
+
|
807
|
+
Twitter API
|
808
|
+
</a>
|
809
|
+
|
810
|
+
|
811
|
+
</li>
|
812
|
+
|
813
|
+
|
814
|
+
</ul>
|
815
|
+
|
816
|
+
</li>
|
817
|
+
|
818
|
+
|
819
|
+
</ul>
|
820
|
+
|
821
|
+
</li>
|
822
|
+
|
823
|
+
<li class="chapter " data-level="4.6" data-path="module_0x4__web_kung_fu/ruby2javascript.html">
|
824
|
+
|
825
|
+
|
826
|
+
<a href="../module_0x4__web_kung_fu/ruby2javascript.html">
|
827
|
+
|
828
|
+
<i class="fa fa-check"></i>
|
829
|
+
|
830
|
+
<b>4.6.</b>
|
831
|
+
|
832
|
+
Ruby 2 JavaScript
|
833
|
+
</a>
|
834
|
+
|
835
|
+
|
836
|
+
</li>
|
837
|
+
|
838
|
+
<li class="chapter " data-level="4.7" data-path="module_0x4__web_kung_fu/web_server_and_proxy.html">
|
839
|
+
|
840
|
+
|
841
|
+
<a href="../module_0x4__web_kung_fu/web_server_and_proxy.html">
|
842
|
+
|
843
|
+
<i class="fa fa-check"></i>
|
844
|
+
|
845
|
+
<b>4.7.</b>
|
846
|
+
|
847
|
+
Web Server and Proxy
|
848
|
+
</a>
|
849
|
+
|
850
|
+
|
851
|
+
</li>
|
852
|
+
|
853
|
+
|
854
|
+
</ul>
|
855
|
+
|
856
|
+
</li>
|
857
|
+
|
858
|
+
<li class="chapter " data-level="5" data-path="module_0x5__exploitation_kung_fu/index.html">
|
859
|
+
|
860
|
+
|
861
|
+
<a href="../module_0x5__exploitation_kung_fu/index.html">
|
862
|
+
|
863
|
+
<i class="fa fa-check"></i>
|
864
|
+
|
865
|
+
<b>5.</b>
|
866
|
+
|
867
|
+
Module 0x5 | Exploitation Kung Fu
|
868
|
+
</a>
|
869
|
+
|
870
|
+
|
871
|
+
<ul class="articles">
|
872
|
+
|
873
|
+
|
874
|
+
<li class="chapter " data-level="5.1" data-path="module_0x5__exploitation_kung_fu/fuzzer.html">
|
875
|
+
|
876
|
+
|
877
|
+
<a href="../module_0x5__exploitation_kung_fu/fuzzer.html">
|
878
|
+
|
879
|
+
<i class="fa fa-check"></i>
|
880
|
+
|
881
|
+
<b>5.1.</b>
|
882
|
+
|
883
|
+
Fuzzer
|
884
|
+
</a>
|
885
|
+
|
886
|
+
|
887
|
+
</li>
|
888
|
+
|
889
|
+
<li class="chapter " data-level="5.2" data-path="module_0x5__exploitation_kung_fu/metasploit.html">
|
890
|
+
|
891
|
+
|
892
|
+
<a href="../module_0x5__exploitation_kung_fu/metasploit.html">
|
893
|
+
|
894
|
+
<i class="fa fa-check"></i>
|
895
|
+
|
896
|
+
<b>5.2.</b>
|
897
|
+
|
898
|
+
Metasploit
|
899
|
+
</a>
|
900
|
+
|
901
|
+
|
902
|
+
<ul class="articles">
|
903
|
+
|
904
|
+
|
905
|
+
<li class="chapter " data-level="5.2.1" data-path="module_0x5__exploitation_kung_fu/auxiliary_module.html">
|
906
|
+
|
907
|
+
|
908
|
+
<a href="../module_0x5__exploitation_kung_fu/auxiliary_module.html">
|
909
|
+
|
910
|
+
<i class="fa fa-check"></i>
|
911
|
+
|
912
|
+
<b>5.2.1.</b>
|
913
|
+
|
914
|
+
Auxiliary module
|
915
|
+
</a>
|
916
|
+
|
917
|
+
|
918
|
+
</li>
|
919
|
+
|
920
|
+
<li class="chapter " data-level="5.2.2" data-path="module_0x5__exploitation_kung_fu/exploit_module.html">
|
921
|
+
|
922
|
+
|
923
|
+
<a href="../module_0x5__exploitation_kung_fu/exploit_module.html">
|
924
|
+
|
925
|
+
<i class="fa fa-check"></i>
|
926
|
+
|
927
|
+
<b>5.2.2.</b>
|
928
|
+
|
929
|
+
Exploit module
|
930
|
+
</a>
|
931
|
+
|
932
|
+
|
933
|
+
</li>
|
934
|
+
|
935
|
+
<li class="chapter " data-level="5.2.3" data-path="module_0x5__exploitation_kung_fu/meterpreter.html">
|
936
|
+
|
937
|
+
|
938
|
+
<a href="../module_0x5__exploitation_kung_fu/meterpreter.html">
|
939
|
+
|
940
|
+
<i class="fa fa-check"></i>
|
941
|
+
|
942
|
+
<b>5.2.3.</b>
|
943
|
+
|
944
|
+
Meterpreter
|
945
|
+
</a>
|
946
|
+
|
947
|
+
|
948
|
+
<ul class="articles">
|
949
|
+
|
950
|
+
|
951
|
+
<li class="chapter " data-level="5.2.3.1" data-path="module_0x5__exploitation_kung_fu/extensions.html">
|
952
|
+
|
953
|
+
|
954
|
+
<a href="../module_0x5__exploitation_kung_fu/extensions.html">
|
955
|
+
|
956
|
+
<i class="fa fa-check"></i>
|
957
|
+
|
958
|
+
<b>5.2.3.1.</b>
|
959
|
+
|
960
|
+
API and Extensions
|
961
|
+
</a>
|
962
|
+
|
963
|
+
|
964
|
+
</li>
|
965
|
+
|
966
|
+
<li class="chapter " data-level="5.2.3.2" data-path="module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
|
967
|
+
|
968
|
+
|
969
|
+
<a href="../module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
|
970
|
+
|
971
|
+
<i class="fa fa-check"></i>
|
972
|
+
|
973
|
+
<b>5.2.3.2.</b>
|
974
|
+
|
975
|
+
Meterpreter Scripting
|
976
|
+
</a>
|
977
|
+
|
978
|
+
|
979
|
+
</li>
|
980
|
+
|
981
|
+
<li class="chapter " data-level="5.2.3.3" data-path="module_0x5__exploitation_kung_fu/railgun_api_extension.html">
|
982
|
+
|
983
|
+
|
984
|
+
<a href="../module_0x5__exploitation_kung_fu/railgun_api_extension.html">
|
985
|
+
|
986
|
+
<i class="fa fa-check"></i>
|
987
|
+
|
988
|
+
<b>5.2.3.3.</b>
|
989
|
+
|
990
|
+
Railgun API Extension
|
991
|
+
</a>
|
992
|
+
|
993
|
+
|
994
|
+
</li>
|
995
|
+
|
996
|
+
|
997
|
+
</ul>
|
998
|
+
|
999
|
+
</li>
|
1000
|
+
|
1001
|
+
|
1002
|
+
</ul>
|
1003
|
+
|
1004
|
+
</li>
|
1005
|
+
|
1006
|
+
<li class="chapter " data-level="5.3" data-path="module_0x5__exploitation_kung_fu/metasm.html">
|
1007
|
+
|
1008
|
+
|
1009
|
+
<a href="../module_0x5__exploitation_kung_fu/metasm.html">
|
1010
|
+
|
1011
|
+
<i class="fa fa-check"></i>
|
1012
|
+
|
1013
|
+
<b>5.3.</b>
|
1014
|
+
|
1015
|
+
metasm
|
1016
|
+
</a>
|
1017
|
+
|
1018
|
+
|
1019
|
+
</li>
|
1020
|
+
|
1021
|
+
|
1022
|
+
</ul>
|
1023
|
+
|
1024
|
+
</li>
|
1025
|
+
|
1026
|
+
<li class="chapter " data-level="6" data-path="module_0x6__forensic/index.html">
|
1027
|
+
|
1028
|
+
|
1029
|
+
<a href="../module_0x6__forensic/index.html">
|
1030
|
+
|
1031
|
+
<i class="fa fa-check"></i>
|
1032
|
+
|
1033
|
+
<b>6.</b>
|
1034
|
+
|
1035
|
+
Module 0x6 | Forensic Kung Fu
|
1036
|
+
</a>
|
1037
|
+
|
1038
|
+
|
1039
|
+
<ul class="articles">
|
1040
|
+
|
1041
|
+
|
1042
|
+
<li class="chapter " data-level="6.1" data-path="module_0x6__forensic/windows_forensic.html">
|
1043
|
+
|
1044
|
+
|
1045
|
+
<a href="../module_0x6__forensic/windows_forensic.html">
|
1046
|
+
|
1047
|
+
<i class="fa fa-check"></i>
|
1048
|
+
|
1049
|
+
<b>6.1.</b>
|
1050
|
+
|
1051
|
+
Windows Forensic
|
1052
|
+
</a>
|
1053
|
+
|
1054
|
+
|
1055
|
+
</li>
|
1056
|
+
|
1057
|
+
<li class="chapter " data-level="6.2" data-path="module_0x6__forensic/android_forensic.html">
|
1058
|
+
|
1059
|
+
|
1060
|
+
<a href="../module_0x6__forensic/android_forensic.html">
|
1061
|
+
|
1062
|
+
<i class="fa fa-check"></i>
|
1063
|
+
|
1064
|
+
<b>6.2.</b>
|
1065
|
+
|
1066
|
+
Android Forensic
|
1067
|
+
</a>
|
1068
|
+
|
1069
|
+
|
1070
|
+
</li>
|
1071
|
+
|
1072
|
+
<li class="chapter " data-level="6.3" data-path="module_0x3__network_kung_fu/network_traffic_analysis.html">
|
1073
|
+
|
1074
|
+
|
1075
|
+
<a href="../module_0x3__network_kung_fu/network_traffic_analysis.html">
|
1076
|
+
|
1077
|
+
<i class="fa fa-check"></i>
|
1078
|
+
|
1079
|
+
<b>6.3.</b>
|
1080
|
+
|
1081
|
+
Network Traffic Analysis
|
1082
|
+
</a>
|
1083
|
+
|
1084
|
+
|
1085
|
+
</li>
|
1086
|
+
|
1087
|
+
<li class="chapter " data-level="6.4" data-path="module_0x6__forensic/parsing_log_files.html">
|
1088
|
+
|
1089
|
+
|
1090
|
+
<a href="../module_0x6__forensic/parsing_log_files.html">
|
1091
|
+
|
1092
|
+
<i class="fa fa-check"></i>
|
1093
|
+
|
1094
|
+
<b>6.4.</b>
|
1095
|
+
|
1096
|
+
Parsing Log Files
|
1097
|
+
</a>
|
1098
|
+
|
1099
|
+
|
1100
|
+
</li>
|
1101
|
+
|
1102
|
+
|
1103
|
+
</ul>
|
1104
|
+
|
1105
|
+
</li>
|
1106
|
+
|
1107
|
+
<li class="chapter " data-level="7" data-path="references/index.html">
|
1108
|
+
|
1109
|
+
|
1110
|
+
<a href="../references/index.html">
|
1111
|
+
|
1112
|
+
<i class="fa fa-check"></i>
|
1113
|
+
|
1114
|
+
<b>7.</b>
|
1115
|
+
|
1116
|
+
References
|
1117
|
+
</a>
|
1118
|
+
|
1119
|
+
|
1120
|
+
</li>
|
1121
|
+
|
1122
|
+
<li class="chapter " data-level="8" data-path="faqs/index.html">
|
1123
|
+
|
1124
|
+
|
1125
|
+
<a href="../faqs/index.html">
|
1126
|
+
|
1127
|
+
<i class="fa fa-check"></i>
|
1128
|
+
|
1129
|
+
<b>8.</b>
|
1130
|
+
|
1131
|
+
FAQs
|
1132
|
+
</a>
|
1133
|
+
|
1134
|
+
|
1135
|
+
</li>
|
1136
|
+
|
1137
|
+
<li class="chapter " data-level="9" data-path="contributors/index.html">
|
1138
|
+
|
1139
|
+
|
1140
|
+
<a href="../contributors/index.html">
|
1141
|
+
|
1142
|
+
<i class="fa fa-check"></i>
|
1143
|
+
|
1144
|
+
<b>9.</b>
|
1145
|
+
|
1146
|
+
Contributors
|
1147
|
+
</a>
|
1148
|
+
|
1149
|
+
|
1150
|
+
<ul class="articles">
|
1151
|
+
|
1152
|
+
|
1153
|
+
<li class="chapter " data-level="9.1" data-path="contributors/todo.html">
|
1154
|
+
|
1155
|
+
|
1156
|
+
<a href="../contributors/todo.html">
|
1157
|
+
|
1158
|
+
<i class="fa fa-check"></i>
|
1159
|
+
|
1160
|
+
<b>9.1.</b>
|
1161
|
+
|
1162
|
+
TODO
|
1163
|
+
</a>
|
1164
|
+
|
1165
|
+
|
1166
|
+
</li>
|
1167
|
+
|
1168
|
+
|
1169
|
+
</ul>
|
1170
|
+
|
1171
|
+
</li>
|
1172
|
+
|
1173
|
+
|
1174
|
+
|
1175
|
+
|
1176
|
+
<li class="divider"></li>
|
1177
|
+
<li>
|
1178
|
+
<a href="https://www.gitbook.com" target="blank" class="gitbook-link">
|
1179
|
+
Published with GitBook
|
1180
|
+
</a>
|
1181
|
+
</li>
|
1182
|
+
|
1183
|
+
</ul>
|
1184
|
+
</nav>
|
1185
|
+
</div>
|
1186
|
+
|
1187
|
+
<div class="book-body">
|
1188
|
+
<div class="body-inner">
|
1189
|
+
<div class="book-header" role="navigation">
|
1190
|
+
<!-- Actions Left -->
|
1191
|
+
|
1192
|
+
|
1193
|
+
<!-- Title -->
|
1194
|
+
<h1>
|
1195
|
+
<i class="fa fa-circle-o-notch fa-spin"></i>
|
1196
|
+
<a href="../" >RubyFu</a>
|
1197
|
+
</h1>
|
1198
|
+
</div>
|
1199
|
+
|
1200
|
+
<div class="page-wrapper" tabindex="-1" role="main">
|
1201
|
+
<div class="page-inner">
|
1202
|
+
|
1203
|
+
|
1204
|
+
<section class="normal" id="section-">
|
1205
|
+
|
1206
|
+
<h1 id="oracle-tns-enumeration"><a name="oracle-tns-enumeration" class="plugin-anchor" href="#oracle-tns-enumeration"><span class="fa fa-link"></span></a>Oracle TNS Enumeration</h1>
|
1207
|
+
<p>The practical way to understand how to a specific protocol works is to use it's client tools and monitor its packets. </p>
|
1208
|
+
<p>If you take a look to pure connection of SQL*plus client to a TNS listener from Wireshark, you'll find the first connect packet as bellow </p>
|
1209
|
+
<table>
|
1210
|
+
<thead>
|
1211
|
+
<tr>
|
1212
|
+
<th style="text-align:center"><img src="oracle_tns_enum1.png" alt="Wireshark"></th>
|
1213
|
+
</tr>
|
1214
|
+
</thead>
|
1215
|
+
<tbody>
|
1216
|
+
<tr>
|
1217
|
+
<td style="text-align:center"><strong>Figure 1.</strong> TNS Packet</td>
|
1218
|
+
</tr>
|
1219
|
+
</tbody>
|
1220
|
+
</table>
|
1221
|
+
<ul>
|
1222
|
+
<li>TNS Packet Description <pre><code>Transparent Network Substrate Protocol
|
1223
|
+
Packet Length: 224
|
1224
|
+
Packet Checksum: 0x0000
|
1225
|
+
Packet Type: Connect (1) 0x01
|
1226
|
+
Reserved Byte: 00
|
1227
|
+
Header Checksum: 0x0000
|
1228
|
+
Connect
|
1229
|
+
Version: 315
|
1230
|
+
Version (Compatible): 300
|
1231
|
+
Service Options: 0x0c41
|
1232
|
+
Session Data Unit Size: 8192
|
1233
|
+
Maximum Transmission Data Unit Size: 65535
|
1234
|
+
NT Protocol Characteristics: 0x7f08
|
1235
|
+
Line Turnaround Value: 0
|
1236
|
+
Value of 1 in Hardware: 0100
|
1237
|
+
Length of Connect Data: 154
|
1238
|
+
Offset to Connect Data: 70
|
1239
|
+
Maximum Receivable Connect Data: 2048
|
1240
|
+
Connect Flags 0: 0x41
|
1241
|
+
Connect Flags 1: 0x41
|
1242
|
+
Trace Cross Facility Item 1: 0x00000000
|
1243
|
+
Trace Cross Facility Item 2: 0x00000000
|
1244
|
+
Trace Unique Connection ID: 0x0000000000000000
|
1245
|
+
Connect Data: (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=XE)(CID=(PROGRAM=sqlplus@Archer)(HOST=Archer)(USER=KING)))(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.0.13)(PORT=1521)))
|
1246
|
+
</code></pre></li>
|
1247
|
+
</ul>
|
1248
|
+
<ul>
|
1249
|
+
<li>TNS Packet Hexdump <pre><code>0000 08 00 27 3a fb 1d 3c 77 e6 68 66 e9 08 00 45 00 ..':..<w.hf...E.
|
1250
|
+
0010 01 14 65 4f 40 00 40 06 53 28 c0 a8 00 0f c0 a8 ..eO@.@.S(......
|
1251
|
+
0020 00 0d 81 32 05 f1 04 d7 76 08 c9 98 31 e3 80 18 ...2....v...1...
|
1252
|
+
0030 00 e5 0f 40 00 00 01 01 08 0a 0d 8a 13 4a 05 44 ...@.........J.D
|
1253
|
+
0040 03 b3 00 e0 00 00 01 00 00 00 01 3b 01 2c 0c 41 ...........;.,.A
|
1254
|
+
0050 20 00 ff ff 7f 08 00 00 01 00 00 9a 00 46 00 00 ............F..
|
1255
|
+
0060 08 00 41 41 00 00 00 00 00 00 00 00 00 00 00 00 ..AA............
|
1256
|
+
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 .............. .
|
1257
|
+
0080 00 20 00 00 00 00 00 00 28 44 45 53 43 52 49 50 . ......(DESCRIP
|
1258
|
+
0090 54 49 4f 4e 3d 28 43 4f 4e 4e 45 43 54 5f 44 41 TION=(CONNECT_DA
|
1259
|
+
00a0 54 41 3d 28 53 45 52 56 49 43 45 5f 4e 41 4d 45 TA=(SERVICE_NAME
|
1260
|
+
00b0 3d 58 45 29 28 43 49 44 3d 28 50 52 4f 47 52 41 =XE)(CID=(PROGRA
|
1261
|
+
00c0 4d 3d 73 71 6c 70 6c 75 73 40 41 72 63 68 65 72 M=sqlplus@Archer
|
1262
|
+
00d0 29 28 48 4f 53 54 3d 41 72 63 68 65 72 29 28 55 )(HOST=Archer)(U
|
1263
|
+
00e0 53 45 52 3d 4b 49 4e 47 29 29 29 28 41 44 44 52 SER=KING)))(ADDR
|
1264
|
+
00f0 45 53 53 3d 28 50 52 4f 54 4f 43 4f 4c 3d 54 43 ESS=(PROTOCOL=TC
|
1265
|
+
0100 50 29 28 48 4f 53 54 3d 31 39 32 2e 31 36 38 2e P)(HOST=192.168.
|
1266
|
+
0110 30 2e 31 33 29 28 50 4f 52 54 3d 31 35 32 31 29 0.13)(PORT=1521)
|
1267
|
+
0120 29 29 ))
|
1268
|
+
</code></pre></li>
|
1269
|
+
</ul>
|
1270
|
+
<p>Now base on our understanding, let's to build an equivalent request using ruby.</p>
|
1271
|
+
<ul>
|
1272
|
+
<li>TNS packet builder</li>
|
1273
|
+
</ul>
|
1274
|
+
<pre><code class="lang-ruby"><span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">tns_packet</span><span class="hljs-params">(connect_data)</span></span>
|
1275
|
+
|
1276
|
+
<span class="hljs-comment">#=> Transparent Network Substrate Protocol</span>
|
1277
|
+
<span class="hljs-comment"># Packet Length</span>
|
1278
|
+
pkt = [<span class="hljs-number">58</span> + connect_data.length].pack(<span class="hljs-string">'n'</span>)
|
1279
|
+
<span class="hljs-comment"># Packet Checksum</span>
|
1280
|
+
pkt << <span class="hljs-string">"\x00\x00"</span>
|
1281
|
+
<span class="hljs-comment"># Packet Type: Connect(1)</span>
|
1282
|
+
pkt << <span class="hljs-string">"\x01"</span>
|
1283
|
+
<span class="hljs-comment"># Reserved Byte</span>
|
1284
|
+
pkt << <span class="hljs-string">"\x00"</span>
|
1285
|
+
<span class="hljs-comment"># Header Checksum</span>
|
1286
|
+
pkt << <span class="hljs-string">"\x00\x00"</span>
|
1287
|
+
<span class="hljs-comment">#=> Connect</span>
|
1288
|
+
<span class="hljs-comment"># Version</span>
|
1289
|
+
pkt << <span class="hljs-string">"\x01\x36"</span>
|
1290
|
+
<span class="hljs-comment"># Version (Compatible)</span>
|
1291
|
+
pkt << <span class="hljs-string">"\x01\x2C"</span>
|
1292
|
+
<span class="hljs-comment"># Service Options</span>
|
1293
|
+
pkt << <span class="hljs-string">"\x00\x00"</span>
|
1294
|
+
<span class="hljs-comment"># Session Data Unit Size</span>
|
1295
|
+
pkt << <span class="hljs-string">"\x08\x00"</span>
|
1296
|
+
<span class="hljs-comment"># Maximum Transmission Data Unit Size</span>
|
1297
|
+
pkt << <span class="hljs-string">"\xFF\xFF"</span>
|
1298
|
+
<span class="hljs-comment"># NT Protocol Characteristics</span>
|
1299
|
+
pkt << <span class="hljs-string">"\x7F\x08"</span>
|
1300
|
+
<span class="hljs-comment"># Line Turnaround Value</span>
|
1301
|
+
pkt << <span class="hljs-string">"\x00\x00"</span>
|
1302
|
+
<span class="hljs-comment"># Value of 1 in Hardware</span>
|
1303
|
+
pkt << <span class="hljs-string">"\x00\x01"</span>
|
1304
|
+
<span class="hljs-comment"># Length of Connect Data</span>
|
1305
|
+
pkt << [connect_data.length].pack(<span class="hljs-string">'n'</span>)
|
1306
|
+
<span class="hljs-comment"># Offset to Connect Data</span>
|
1307
|
+
pkt << <span class="hljs-string">"\x00\x3A"</span>
|
1308
|
+
<span class="hljs-comment"># Maximum Receivable Connect Data</span>
|
1309
|
+
pkt << <span class="hljs-string">"\x00\x00\x00\x00"</span>
|
1310
|
+
<span class="hljs-comment"># Connect Flags 0</span>
|
1311
|
+
pkt << <span class="hljs-string">"\x00"</span>
|
1312
|
+
<span class="hljs-comment"># Connect Flags 1</span>
|
1313
|
+
pkt << <span class="hljs-string">"\x00"</span>
|
1314
|
+
<span class="hljs-comment"># Trace Cross Facility Item 1</span>
|
1315
|
+
pkt << <span class="hljs-string">"\x00\x00\x00\x00"</span>
|
1316
|
+
<span class="hljs-comment"># Trace Cross Facility Item 2</span>
|
1317
|
+
pkt << <span class="hljs-string">"\x00\x00\x00\x00"</span>
|
1318
|
+
<span class="hljs-comment"># Trace Unique Connection ID</span>
|
1319
|
+
pkt << <span class="hljs-string">"\x00\x00\x34\xE6\x00\x00\x00\x01"</span>
|
1320
|
+
<span class="hljs-comment"># Connect Data</span>
|
1321
|
+
pkt << <span class="hljs-string">"\x00\x00\x00\x00\x00\x00\x00\x00"</span>
|
1322
|
+
pkt << connect_data
|
1323
|
+
|
1324
|
+
<span class="hljs-keyword">return</span> pkt
|
1325
|
+
|
1326
|
+
<span class="hljs-keyword">end</span>
|
1327
|
+
</code></pre>
|
1328
|
+
<ul>
|
1329
|
+
<li>SID Request </li>
|
1330
|
+
</ul>
|
1331
|
+
<p>There is a data structure for interacting with the TNS which is similar to the following <code>(DESCRIPTION=(CONNECT_DATA=(SID=#{sid})(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=#{host})(PORT=#{port})))</code></p>
|
1332
|
+
<pre><code class="lang-ruby"><span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">sid_request</span><span class="hljs-params">(sid,host, port)</span></span>
|
1333
|
+
connect_data = <span class="hljs-string">"(DESCRIPTION=(CONNECT_DATA=(SID=<span class="hljs-subst">#{sid}</span>)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=<span class="hljs-subst">#{host}</span>)(PORT=<span class="hljs-subst">#{port}</span>)))"</span>
|
1334
|
+
pkt = tns_packet(connect_data)
|
1335
|
+
<span class="hljs-keyword">end</span>
|
1336
|
+
</code></pre>
|
1337
|
+
<p>Now we have everything to send our packet, let's to build a simple tns brute force to enumerate the exist tns listeners. The default behavior for oracle 11g is to reply with nothing if listener exist, and reply with error if it doesn't, the error similar to this <code>g"[(DESCRIPTION=(TMP=)(VSNNUM=186647040)(ERR=12505)(ERROR_STACK=(ERROR=(CODE=12505)(EMFI=4))))</code>.</p>
|
1338
|
+
<p>Let's to warp everything together by build a SID brute force script</p>
|
1339
|
+
<h3 id="sid-brute-force"><a name="sid-brute-force" class="plugin-anchor" href="#sid-brute-force"><span class="fa fa-link"></span></a>SID Brute Force</h3>
|
1340
|
+
<p><strong>tns_brute.rb</strong></p>
|
1341
|
+
<pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
|
1342
|
+
<span class="hljs-comment"># -*- coding: binary -*-</span>
|
1343
|
+
<span class="hljs-keyword">require</span> <span class="hljs-string">'socket'</span>
|
1344
|
+
|
1345
|
+
<span class="hljs-keyword">if</span> <span class="hljs-constant">ARGV</span>.size < <span class="hljs-number">1</span>
|
1346
|
+
puts <span class="hljs-string">"Usage:\n<span class="hljs-subst">#{__FILE_<span class="hljs-number">_</span>}</span> <IP ADDRESS> [PORT]"</span>
|
1347
|
+
exit <span class="hljs-number">0</span>
|
1348
|
+
<span class="hljs-keyword">else</span>
|
1349
|
+
host = <span class="hljs-constant">ARGV</span>[<span class="hljs-number">0</span>]
|
1350
|
+
port = <span class="hljs-constant">ARGV</span>[<span class="hljs-number">1</span>] || <span class="hljs-number">1521</span>
|
1351
|
+
<span class="hljs-keyword">end</span>
|
1352
|
+
sid = <span class="hljs-constant">ARGV</span>[<span class="hljs-number">2</span>] || <span class="hljs-string">'PLSExtProc'</span>
|
1353
|
+
|
1354
|
+
<span class="hljs-comment">#</span>
|
1355
|
+
<span class="hljs-comment"># Build TNS Packet</span>
|
1356
|
+
<span class="hljs-comment">#</span>
|
1357
|
+
<span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">tns_packet</span><span class="hljs-params">(connect_data)</span></span>
|
1358
|
+
|
1359
|
+
<span class="hljs-comment">#=> Transparent Network Substrate Protocol</span>
|
1360
|
+
<span class="hljs-comment"># Packet Length</span>
|
1361
|
+
pkt = [<span class="hljs-number">58</span> + connect_data.length].pack(<span class="hljs-string">'n'</span>)
|
1362
|
+
<span class="hljs-comment"># Packet Checksum</span>
|
1363
|
+
pkt << <span class="hljs-string">"\x00\x00"</span>
|
1364
|
+
<span class="hljs-comment"># Packet Type: Connect(1)</span>
|
1365
|
+
pkt << <span class="hljs-string">"\x01"</span>
|
1366
|
+
<span class="hljs-comment"># Reserved Byte</span>
|
1367
|
+
pkt << <span class="hljs-string">"\x00"</span>
|
1368
|
+
<span class="hljs-comment"># Header Checksum</span>
|
1369
|
+
pkt << <span class="hljs-string">"\x00\x00"</span>
|
1370
|
+
<span class="hljs-comment">#=> Connect</span>
|
1371
|
+
<span class="hljs-comment"># Version</span>
|
1372
|
+
pkt << <span class="hljs-string">"\x01\x36"</span>
|
1373
|
+
<span class="hljs-comment"># Version (Compatible)</span>
|
1374
|
+
pkt << <span class="hljs-string">"\x01\x2C"</span>
|
1375
|
+
<span class="hljs-comment"># Service Options</span>
|
1376
|
+
pkt << <span class="hljs-string">"\x00\x00"</span>
|
1377
|
+
<span class="hljs-comment"># Session Data Unit Size</span>
|
1378
|
+
pkt << <span class="hljs-string">"\x08\x00"</span>
|
1379
|
+
<span class="hljs-comment"># Maximum Transmission Data Unit Size</span>
|
1380
|
+
pkt << <span class="hljs-string">"\xFF\xFF"</span>
|
1381
|
+
<span class="hljs-comment"># NT Protocol Characteristics</span>
|
1382
|
+
pkt << <span class="hljs-string">"\x7F\x08"</span>
|
1383
|
+
<span class="hljs-comment"># Line Turnaround Value</span>
|
1384
|
+
pkt << <span class="hljs-string">"\x00\x00"</span>
|
1385
|
+
<span class="hljs-comment"># Value of 1 in Hardware</span>
|
1386
|
+
pkt << <span class="hljs-string">"\x00\x01"</span>
|
1387
|
+
<span class="hljs-comment"># Length of Connect Data</span>
|
1388
|
+
pkt << [connect_data.length].pack(<span class="hljs-string">'n'</span>)
|
1389
|
+
<span class="hljs-comment"># Offset to Connect Data</span>
|
1390
|
+
pkt << <span class="hljs-string">"\x00\x3A"</span>
|
1391
|
+
<span class="hljs-comment"># Maximum Receivable Connect Data</span>
|
1392
|
+
pkt << <span class="hljs-string">"\x00\x00\x00\x00"</span>
|
1393
|
+
<span class="hljs-comment"># Connect Flags 0</span>
|
1394
|
+
pkt << <span class="hljs-string">"\x00"</span>
|
1395
|
+
<span class="hljs-comment"># Connect Flags 1</span>
|
1396
|
+
pkt << <span class="hljs-string">"\x00"</span>
|
1397
|
+
<span class="hljs-comment"># Trace Cross Facility Item 1</span>
|
1398
|
+
pkt << <span class="hljs-string">"\x00\x00\x00\x00"</span>
|
1399
|
+
<span class="hljs-comment"># Trace Cross Facility Item 2</span>
|
1400
|
+
pkt << <span class="hljs-string">"\x00\x00\x00\x00"</span>
|
1401
|
+
<span class="hljs-comment"># Trace Unique Connection ID</span>
|
1402
|
+
pkt << <span class="hljs-string">"\x00\x00\x34\xE6\x00\x00\x00\x01"</span>
|
1403
|
+
<span class="hljs-comment"># Connect Data</span>
|
1404
|
+
pkt << <span class="hljs-string">"\x00\x00\x00\x00\x00\x00\x00\x00"</span>
|
1405
|
+
pkt << connect_data
|
1406
|
+
|
1407
|
+
<span class="hljs-keyword">return</span> pkt
|
1408
|
+
|
1409
|
+
<span class="hljs-keyword">end</span>
|
1410
|
+
|
1411
|
+
<span class="hljs-comment">#</span>
|
1412
|
+
<span class="hljs-comment"># SID Request Data</span>
|
1413
|
+
<span class="hljs-comment">#</span>
|
1414
|
+
<span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">sid_request</span><span class="hljs-params">(sid,host, port)</span></span>
|
1415
|
+
connect_data = <span class="hljs-string">"(DESCRIPTION=(CONNECT_DATA=(SID=<span class="hljs-subst">#{sid}</span>)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=<span class="hljs-subst">#{host}</span>)(PORT=<span class="hljs-subst">#{port}</span>)))"</span>
|
1416
|
+
pkt = tns_packet(connect_data)
|
1417
|
+
<span class="hljs-keyword">end</span>
|
1418
|
+
|
1419
|
+
|
1420
|
+
sids = [ <span class="hljs-string">'N00TEXIST'</span>, <span class="hljs-string">'PLSExtProc'</span>, <span class="hljs-string">'ORACLE'</span>, <span class="hljs-string">'ORA'</span>, <span class="hljs-string">'ORA1'</span>, <span class="hljs-string">'ORA2'</span>, <span class="hljs-string">'XE'</span>, <span class="hljs-string">'SOA'</span>, <span class="hljs-string">'SOA1'</span>, <span class="hljs-string">'SOA2'</span>, <span class="hljs-string">'DBA1'</span>, <span class="hljs-string">'DBA2'</span> <span class="hljs-string">'HR'</span>, <span class="hljs-string">'HR1'</span>, <span class="hljs-string">'HR2'</span>,<span class="hljs-string">'SAP'</span>, <span class="hljs-string">'TEST'</span>]
|
1421
|
+
|
1422
|
+
sids.each <span class="hljs-keyword">do</span> |sid|
|
1423
|
+
s = <span class="hljs-constant">TCPSocket</span>.new host, port.to_i
|
1424
|
+
s.send sid_request(sid, host, port), <span class="hljs-number">0</span>
|
1425
|
+
response = s.recv(<span class="hljs-number">1000</span>)
|
1426
|
+
puts <span class="hljs-string">"[+] Found SID: "</span> + sid <span class="hljs-keyword">if</span> response.scan(<span class="hljs-regexp">/ERROR/</span>).empty?
|
1427
|
+
<span class="hljs-comment"># puts "[+] No SID: " + sid , response unless response.scan(/ERROR/).empty?</span>
|
1428
|
+
s.close
|
1429
|
+
<span class="hljs-keyword">end</span>
|
1430
|
+
</code></pre>
|
1431
|
+
<p>Run it </p>
|
1432
|
+
<pre><code>ruby tns_brute.rb 192.168.0.13 1521
|
1433
|
+
|
1434
|
+
[+] Found SID: PLSExtProc
|
1435
|
+
[+] Found SID: XE
|
1436
|
+
</code></pre><p><strong>Notes:</strong></p>
|
1437
|
+
<ul>
|
1438
|
+
<li>This script will work on Oracle 11g and before </li>
|
1439
|
+
<li>Notice <code># -*- coding: binary -*-</code> at the top of the script because we are working on pure binary data that may not mean anything to the language.</li>
|
1440
|
+
</ul>
|
1441
|
+
<h2 id=""><a name="" class="plugin-anchor" href="#"><span class="fa fa-link"></span></a><br><br><br></h2>
|
1442
|
+
<ul>
|
1443
|
+
<li><a href="https://thesprawl.org/research/oracle-tns-protocol/" target="_blank">Research Oracle TNS Protocol</a> </li>
|
1444
|
+
<li>Metasploit | sid_brute auxiliary module</li>
|
1445
|
+
</ul>
|
1446
|
+
|
1447
|
+
|
1448
|
+
</section>
|
1449
|
+
|
1450
|
+
|
1451
|
+
</div>
|
1452
|
+
</div>
|
1453
|
+
</div>
|
1454
|
+
|
1455
|
+
|
1456
|
+
<a href="../module_0x3__network_kung_fu/snmp_enumeration.html" class="navigation navigation-prev " aria-label="Previous page: SNMP Enumeration"><i class="fa fa-angle-left"></i></a>
|
1457
|
+
|
1458
|
+
|
1459
|
+
<a href="../module_0x3__network_kung_fu/packet_manipulation.html" class="navigation navigation-next " aria-label="Next page: Packet manipulation"><i class="fa fa-angle-right"></i></a>
|
1460
|
+
|
1461
|
+
</div>
|
1462
|
+
</div>
|
1463
|
+
|
1464
|
+
|
1465
|
+
<script src="../gitbook/app.js"></script>
|
1466
|
+
|
1467
|
+
|
1468
|
+
<script src="../gitbook/plugins/gitbook-plugin-splitter/splitter.js"></script>
|
1469
|
+
|
1470
|
+
|
1471
|
+
|
1472
|
+
<script src="../gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js"></script>
|
1473
|
+
|
1474
|
+
|
1475
|
+
|
1476
|
+
<script src="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js"></script>
|
1477
|
+
|
1478
|
+
|
1479
|
+
|
1480
|
+
<script src="../gitbook/plugins/gitbook-plugin-search/lunr.min.js"></script>
|
1481
|
+
|
1482
|
+
|
1483
|
+
|
1484
|
+
<script src="../gitbook/plugins/gitbook-plugin-search/search.js"></script>
|
1485
|
+
|
1486
|
+
|
1487
|
+
|
1488
|
+
<script src="../gitbook/plugins/gitbook-plugin-sharing/buttons.js"></script>
|
1489
|
+
|
1490
|
+
|
1491
|
+
|
1492
|
+
<script src="../gitbook/plugins/gitbook-plugin-fontsettings/buttons.js"></script>
|
1493
|
+
|
1494
|
+
|
1495
|
+
<script>
|
1496
|
+
require(["gitbook"], function(gitbook) {
|
1497
|
+
var config = {"addcssjs":{"js":["styles/header.js"]},"anchors":{},"todo":{},"splitter":{},"book-summary-scroll-position-saver":{},"expandable-chapters":{},"highlight":{},"search":{"maxIndexSize":1000000},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2}};
|
1498
|
+
gitbook.start(config);
|
1499
|
+
});
|
1500
|
+
</script>
|
1501
|
+
|
1502
|
+
|
1503
|
+
</body>
|
1504
|
+
|
1505
|
+
</html>
|