Module: Msf::Exploit::Remote::DB2

Includes:: Tcp

Defined in:: lib/msf/core/exploit/remote/db2.rb

Overview

This module exposes methods for querying a remote DB2 service

Instance Attribute Summary

Attributes included from Tcp

#sock

Instance Method Summary collapse

#db2_check_login(timeout = 5) ⇒ Object
#db2_probe(timeout = 5) ⇒ Object

This method sends a TCP query packet to the server, using datastore options and parses out the reply packet into a hash.
#initialize(info = {}) ⇒ Object

Creates an instance of a DB2 exploit module.

Methods included from Tcp

#chost, #cleanup, #connect, #connect_timeout, #cport, #disconnect, #handler, #lhost, #lport, #peer, #print_prefix, #proxies, #rhost, #rport, #set_tcp_evasions, #shutdown, #ssl, #ssl_cipher, #ssl_verify_mode, #ssl_version

Instance Method Details

#db2_check_login(timeout = 5) ⇒ `Object`

# File 'lib/msf/core/exploit/remote/db2.rb', line 51

def db2_check_login(timeout=5)
  probe_data = db2_probe
  return probe_data unless probe_data[:plaintext_auth]
  login_packet = Rex::Proto::DRDA::Utils.client_auth(:dbname => datastore['DATABASE'],
    :dbuser => datastore['USERNAME'],
    :dbpass => datastore['PASSWORD'])
  sock.put login_packet
  resp = sock.get_once
  return {} if not resp
  return {} if resp.length == 0
  pkt = Rex::Proto::DRDA::Packet::SERVER_PACKET.new.read(resp)
  return Rex::Proto::DRDA::Utils.server_packet_info(pkt)
end

#db2_probe(timeout = 5) ⇒ `Object`

This method sends a TCP query packet to the server, using datastore options and parses out the reply packet into a hash

# File 'lib/msf/core/exploit/remote/db2.rb', line 37

def db2_probe(timeout=5)
  disconnect if self.sock
  connect

  probe_packet = Rex::Proto::DRDA::Utils.client_probe(datastore['DATABASE'])
  sock.put probe_packet
  resp = sock.get_once

  return {} if not resp
  return {} if resp.length == 0
  pkt = Rex::Proto::DRDA::Packet::SERVER_PACKET.new.read(resp)
  return Rex::Proto::DRDA::Utils.server_packet_info(pkt)
end

#initialize(info = {}) ⇒ `Object`

Creates an instance of a DB2 exploit module.

# File 'lib/msf/core/exploit/remote/db2.rb', line 17

def initialize(info = {})
  super

  # Register the options that all MSSQL exploits may make use of.
  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(50000),
      OptString.new('USERNAME', [ false, 'The username to authenticate as', 'db2inst1']),
      OptString.new('PASSWORD', [ false, 'The password for the specified username', '']),
      OptString.new('DATABASE', [ true, 'The name of the target database', 'toolsdb'])
    ], Msf::Exploit::Remote::DB2)

end