Module: Msf::Exploit::Remote::DB2

Includes:
Tcp
Defined in:
lib/msf/core/exploit/db2.rb

Overview

This module exposes methods for querying a remote DB2 service

Instance Method Summary collapse

Methods included from Tcp

#chost, #cleanup, #connect, #connect_timeout, #cport, #disconnect, #handler, #lhost, #lport, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Method Details

#db2_check_login(timeout = 5) ⇒ Object


52
53
54
55
56
57
58
59
60
61
62
63
64
# File 'lib/msf/core/exploit/db2.rb', line 52

def (timeout=5)
  probe_data = db2_probe
  return probe_data unless probe_data[:plaintext_auth]
   = Rex::Proto::DRDA::Utils.client_auth(:dbname => datastore['DATABASE'],
    :dbuser => datastore['USERNAME'],
    :dbpass => datastore['PASSWORD'])
  sock.put 
  resp = sock.get_once
  return {} if not resp
  return {} if resp.length == 0
  pkt = Rex::Proto::DRDA::SERVER_PACKET.new.read(resp)
  return Rex::Proto::DRDA::Utils.server_packet_info(pkt)
end

#db2_probe(timeout = 5) ⇒ Object

This method sends a TCP query packet to the server, using datastore options and parses out the reply packet into a hash


38
39
40
41
42
43
44
45
46
47
48
49
50
# File 'lib/msf/core/exploit/db2.rb', line 38

def db2_probe(timeout=5)
  disconnect if self.sock
  connect

  probe_packet = Rex::Proto::DRDA::Utils.client_probe(datastore['DATABASE'])
  sock.put probe_packet
  resp = sock.get_once

  return {} if not resp
  return {} if resp.length == 0
  pkt = Rex::Proto::DRDA::SERVER_PACKET.new.read(resp)
  return Rex::Proto::DRDA::Utils.server_packet_info(pkt)
end

#initialize(info = {}) ⇒ Object

Creates an instance of a DB2 exploit module.


18
19
20
21
22
23
24
25
26
27
28
29
30
31
# File 'lib/msf/core/exploit/db2.rb', line 18

def initialize(info = {})
  super

  # Register the options that all MSSQL exploits may make use of.
  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(50000),
      OptString.new('USERNAME', [ false, 'The username to authenticate as', 'db2inst1']),
      OptString.new('PASSWORD', [ false, 'The password for the specified username', '']),
      OptString.new('DATABASE', [ true, 'The name of the target database', 'toolsdb'])
    ], Msf::Exploit::Remote::DB2)

end