In my free time, of which I have less and less, I have been writing a small spider (programmed in PL/SQL) that, once we have access to a database, launches a discovery process on the network where the machine hosting the database server is located. This code is intended as a PoC (Proof of Concept).
Basically, what I'm going to do is use a few packages that Oracle usually ships by default (this can vary by version). If I manage to execute them in the database, this will by default give me access to the network where the database server is and let me discover machines / servers in that part of the network. It would be similar to using nmap (for example, nmap -sn 188.8.131.52/24) but from Oracle itself.
Note that the result depends on how the network is configured, its security level (use of ACLs), etc. We may be blocked and not see anything.
The picture shows the banner for the tool 🙂
This small script receives four parameters:
#1 Prev_range: n IPs to try before the IP of the machine where the database is.
#2 post_range: n IPs to try after the IP of the machine where the database is.
Suppose that the machine where the database is located has the IP 184.108.40.206.
If we execute: crawler_plsql 5 6
the process will try to discover whether the IPs exist, and their aliases;
The next picture shows the start and check process, which verifies the privileges and permissions of the user that we are using (the actual IP has been pixelated);
In the next step the crawler shows a list of all the hosts that it has discovered (inside the range given by param #1 and param #2). The following picture has been pixelated.
#3 Try dblink: This parameter makes the crawler try to create a dblink to the destination, against port 1521. The idea is to identify whether there is another Oracle engine configured by default on port 1521 (the next version could do a vertical scan of ports 1024 – 65535) and, if there is, to see how far we get.
If we execute: crawler_plsql 5 6 Y
The process will try to create a database link against the IPs. If we use the previous example, it will try to create a dblink against each of the IPs in the range 220.127.116.11 – 18.104.22.168.
#4 send_mail: Sends all the information that has been collected by mail. If you are doing something that you should not, do not send it to an address that may be associated with you. It would be an exfiltration of data.
If we execute: crawler_plsql 5 6 Y Y
The process will send the mail based on the configuration in the “Settings for email” section. The parameters to be configured are:
CMailIp -- IP of the mail server
CPort -- Port of the mail relay, by default 25
CFromName -- Name (sender)
CFromEmail -- Mailbox (sender)
CToName -- Name (recipient)
CToEmail -- Mailbox (recipient)
CSubject -- Subject
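From the defender's side, whether a database account can run this kind of discovery comes down to the privileges and ACLs the crawler checks at startup. The audit queries below are an added example, not part of the original post or the crawler's code. The package list is an assumption (the post does not name the packages it uses), and the ACL views assume Oracle 11g or later.

```sql
-- Added audit example. Run as a user who can read the DBA_* views.
-- ASSUMPTION: the network-capable packages listed here are typical candidates;
-- the post does not say which packages the crawler actually calls.

-- 1. Who can execute the network-capable packages?
--    A grant to PUBLIC means every database account can use them.
--    Grantees may also be roles, so follow up in DBA_ROLE_PRIVS.
SELECT grantee, owner, table_name AS package_name, privilege
FROM   dba_tab_privs
WHERE  privilege = 'EXECUTE'
AND    table_name IN ('UTL_INADDR', 'UTL_TCP', 'UTL_SMTP', 'UTL_HTTP', 'UTL_MAIL')
ORDER  BY table_name, grantee;

-- 2. Who can create database links (the dblink probe against port 1521)?
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE DATABASE LINK', 'CREATE PUBLIC DATABASE LINK')
ORDER  BY grantee;

-- 3. Which hosts and ports do the network ACLs open, and to whom?
--    Wildcard hosts are flagged because they allow whole-network reach.
SELECT a.host,
       a.lower_port,
       a.upper_port,
       p.principal,
       p.privilege,
       p.is_grant,
       CASE WHEN a.host LIKE '%*%' THEN 'WILDCARD' END AS review_flag
FROM   dba_network_acls a
JOIN   dba_network_acl_privileges p ON p.aclid = a.aclid
ORDER  BY a.host, p.principal;

-- 4. Database links that already exist, newest first.
--    Unexpected links to neighbouring IPs are worth investigating.
SELECT owner, db_link, username, host, created
FROM   dba_db_links
ORDER  BY created DESC;

-- Mitigation sketch (test first, other schemas may depend on these grants):
-- REVOKE EXECUTE ON utl_tcp FROM PUBLIC;
```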
Finally, the link to the code is this.
Any comment is welcome.
HTH – Antonio NAVARRO