Mirror of metasploit

db2.rb 1.8KB

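  # -*- coding: binary -*-
  require 'msf/core'

  module Msf
    ###
    #
    # This module exposes methods for querying a remote DB2 service
    # over DRDA. It is a mixin: it relies on the including module for
    # +datastore+ and on Exploit::Remote::Tcp for +connect+,
    # +disconnect+ and +sock+.
    #
    ###
    module Exploit::Remote::DB2
      include Exploit::Remote::Tcp

      #
      # Creates an instance of a DB2 exploit module.
      #
      # info - module information hash, passed through to +super+.
      #
      def initialize(info = {})
        super

        # Register the options that all DB2 modules may make use of.
        # USERNAME and PASSWORD are optional; DATABASE is required
        # because the probe packet is built from it.
        register_options(
          [
            Opt::RHOST,
            Opt::RPORT(50000),
            OptString.new('USERNAME', [ false, 'The username to authenticate as', 'db2inst1']),
            OptString.new('PASSWORD', [ false, 'The password for the specified username', '']),
            OptString.new('DATABASE', [ true, 'The name of the target database', 'toolsdb'])
          ], Msf::Exploit::Remote::DB2)
      end

      #
      # Sends a DRDA probe packet for the configured DATABASE and
      # parses the reply into a hash.
      #
      # Any existing connection is dropped first, so every probe runs
      # on a fresh socket. The socket is left open on return, which
      # db2_check_login relies on.
      #
      # timeout - seconds to wait for the server reply.
      #
      # Returns the hash built by server_packet_info, or {} when the
      # server sends nothing back.
      #
      def db2_probe(timeout=5)
        disconnect if self.sock
        connect

        probe_packet = Rex::Proto::DRDA::Utils.client_probe(datastore['DATABASE'])
        sock.put probe_packet

        db2_read_reply(timeout)
      end

      #
      # Probes the server and, if the probe result has
      # :plaintext_auth set, submits USERNAME / PASSWORD for DATABASE.
      #
      # NOTE(review): the login packet is only sent on the
      # :plaintext_auth path, which presumably means the credentials
      # cross the network unencrypted -- confirm against
      # Rex::Proto::DRDA::Utils.server_packet_info and client_auth.
      #
      # timeout - seconds to wait for each server reply (probe and
      #           login).
      #
      # Returns the probe hash unchanged when :plaintext_auth is not
      # set (no login is attempted in that case), {} when the server
      # does not answer the login packet, and otherwise the hash built
      # from the login reply. Callers have to inspect the hash to tell
      # these cases apart. The socket is left open on return.
      #
      def db2_check_login(timeout=5)
        # Forward the caller's timeout instead of silently using the
        # probe's default.
        probe_data = db2_probe(timeout)
        return probe_data unless probe_data[:plaintext_auth]

        login_packet = Rex::Proto::DRDA::Utils.client_auth(:dbname => datastore['DATABASE'],
                                                           :dbuser => datastore['USERNAME'],
                                                           :dbpass => datastore['PASSWORD'])
        sock.put login_packet

        db2_read_reply(timeout)
      end

      private

      #
      # Reads one reply from the current socket and converts it to the
      # info hash. Shared by db2_probe and db2_check_login.
      #
      # The timeout is passed to get_once explicitly; without it the
      # read falls back to the socket's own default and the public
      # methods' +timeout+ argument has no effect.
      #
      # NOTE(review): this is a single read of server-controlled
      # bytes. A reply split across reads would be parsed truncated,
      # and any error raised by SERVER_PACKET#read propagates to the
      # caller -- confirm the parser's behaviour on short input.
      #
      def db2_read_reply(timeout)
        resp = sock.get_once(-1, timeout)
        return {} if resp.nil? || resp.empty?

        pkt = Rex::Proto::DRDA::SERVER_PACKET.new.read(resp)
        Rex::Proto::DRDA::Utils.server_packet_info(pkt)
      end
    end
  end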