fscan/Plugins/services/oracle/plugin.go
ZacharyZcR 3de7b21fe0 feat: Oracle数据库插件迁移到新架构完成
- 实现Oracle TNS协议连接器,支持多种服务名
- 支持高危用户(SYS/SYSTEM)检测和SYSDBA权限
- 实现服务识别和弱密码检测功能
- 集成国际化消息系统
- 测试通过:服务识别和高危用户认证功能
2025-08-09 13:02:11 +08:00


package oracle
import (
"context"
"fmt"
"strings"
"github.com/shadow1ng/fscan/common"
"github.com/shadow1ng/fscan/common/i18n"
"github.com/shadow1ng/fscan/plugins/base"
)
// OraclePlugin is the Oracle service plugin. It embeds the generic
// base.ServicePlugin and pairs it with an Oracle-specific exploiter.
type OraclePlugin struct {
	// Embedded generic service plugin; built from the plugin metadata and an
	// Oracle connector in NewOraclePlugin.
	*base.ServicePlugin
	// exploiter backs Exploit, GetExploitMethods and IsExploitSupported.
	exploiter *OracleExploiter
}
// NewOraclePlugin builds an Oracle plugin: it wraps a fresh Oracle connector
// in the generic service plugin, attaches an exploiter, and declares the
// weak-password and data-extraction capabilities.
func NewOraclePlugin() *OraclePlugin {
	// Generic service plugin = plugin metadata + Oracle connector.
	svc := base.NewServicePlugin(
		&base.PluginMetadata{
			Name:        "oracle",
			Version:     "2.0.0",
			Author:      "fscan-team",
			Description: "Oracle数据库扫描和利用插件",
			Category:    "service",
			Ports:       []int{1521, 1522, 1525}, // ports this plugin is registered for
			Protocols:   []string{"tcp"},
			Tags:        []string{"oracle", "database", "weak-password", "sysdba"},
		},
		NewOracleConnector(),
	)

	op := &OraclePlugin{
		ServicePlugin: svc,
		exploiter:     NewOracleExploiter(),
	}

	// Advertise what this plugin can do to the plugin framework.
	caps := []base.Capability{
		base.CapWeakPassword,
		base.CapDataExtraction,
	}
	op.SetCapabilities(caps)

	return op
}
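// Scan checks one Oracle endpoint described by info.
//
// When common.DisableBrute is set, only service identification is performed.
// Otherwise the fixed SYS/SYSTEM list from getHighRiskCredentials is tried
// first, then the dictionary from generateCredentials; the first credential
// that ScanCredential accepts ends the scan. If nothing is accepted, the
// result of service identification is returned instead.
//
// The returned error is always nil; failures (including a cancelled ctx) are
// reported through ScanResult.Error, matching performServiceIdentification.
//
// NOTE(review): an accepted password is written in clear text both to the
// success log and to Extra["password"], so any log file or report produced
// from this result holds a live database credential and needs the same
// access control as the credential itself.
func (p *OraclePlugin) Scan(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
	if common.DisableBrute {
		return p.performServiceIdentification(ctx, info)
	}

	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)

	// Pass 1: privileged accounts with well-known passwords.
	for _, cred := range p.getHighRiskCredentials() {
		// Stop issuing login attempts once the caller has cancelled the scan.
		if err := ctx.Err(); err != nil {
			return &base.ScanResult{Success: false, Error: err}, nil
		}

		hit, err := p.ScanCredential(ctx, info, cred)
		// hit == nil guards against a (nil, nil) return from ScanCredential.
		if err != nil || hit == nil || !hit.Success {
			continue
		}

		// SYS logins get their own message key.
		msgKey := "oracle_auth_success"
		if strings.EqualFold(cred.Username, "SYS") {
			msgKey = "oracle_sys_auth_success"
		}
		common.LogSuccess(i18n.GetText(msgKey, target, cred.Username, cred.Password))
		return oracleCredentialResult(info, cred, hit, "high-risk-credentials"), nil
	}

	// Pass 2: username/password dictionary.
	for _, cred := range p.generateCredentials() {
		if err := ctx.Err(); err != nil {
			return &base.ScanResult{Success: false, Error: err}, nil
		}

		hit, err := p.ScanCredential(ctx, info, cred)
		if err != nil || hit == nil || !hit.Success {
			continue
		}

		common.LogSuccess(i18n.GetText("oracle_auth_success", target, cred.Username, cred.Password))
		return oracleCredentialResult(info, cred, hit, "weak-password"), nil
	}

	// No credential was accepted; the endpoint may still be an Oracle listener.
	return p.performServiceIdentification(ctx, info)
}

// oracleCredentialResult builds the ScanResult reported for an accepted
// credential. kind is stored under Extra["type"]; the banner is copied from
// the ScanCredential result hit.
func oracleCredentialResult(info *common.HostInfo, cred *base.Credential, hit *base.ScanResult, kind string) *base.ScanResult {
	return &base.ScanResult{
		Success:     true,
		Service:     "Oracle",
		Credentials: []*base.Credential{cred},
		Banner:      hit.Banner,
		Extra: map[string]interface{}{
			"service":  "Oracle",
			"port":     info.Ports,
			"username": cred.Username,
			"password": cred.Password,
			"type":     kind,
		},
	}
}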
// getHighRiskCredentials returns the fixed list of SYS and SYSTEM
// username/password pairs that Scan tries before the dictionary. The order of
// the returned slice is the order in which they are attempted.
func (p *OraclePlugin) getHighRiskCredentials() []*base.Credential {
	// {username, password} in attempt order.
	pairs := [...][2]string{
		{"SYS", "123456"},
		{"SYSTEM", "123456"},
		{"SYS", "oracle"},
		{"SYSTEM", "oracle"},
		{"SYS", "password"},
		{"SYSTEM", "password"},
		{"SYS", "sys123"},
		{"SYS", "change_on_install"},
		{"SYSTEM", "manager"},
	}

	creds := make([]*base.Credential, 0, len(pairs))
	for _, pair := range pairs {
		creds = append(creds, &base.Credential{Username: pair[0], Password: pair[1]})
	}
	return creds
}
// generateCredentials returns every username/password combination to test.
//
// Usernames come from common.Userdict["oracle"] and passwords from
// common.Passwords; each falls back to a small built-in list when empty.
// A "{user}" placeholder inside a password is replaced with the username as
// configured (before upper-casing), while the Username field itself is
// upper-cased.
func (p *OraclePlugin) generateCredentials() []*base.Credential {
	users := common.Userdict["oracle"]
	if len(users) == 0 {
		users = []string{"oracle", "sys", "system", "admin", "scott", "hr", "oe"}
	}

	pwds := common.Passwords
	if len(pwds) == 0 {
		pwds = []string{"", "oracle", "admin", "password", "123456", "manager", "tiger"}
	}

	var combos []*base.Credential
	for _, user := range users {
		upper := strings.ToUpper(user)
		for _, pwd := range pwds {
			combos = append(combos, &base.Credential{
				Username: upper,
				Password: strings.ReplaceAll(pwd, "{user}", user),
			})
		}
	}
	return combos
}
// Exploit forwards the request unchanged to the plugin's exploiter and
// returns whatever it returns.
func (p *OraclePlugin) Exploit(ctx context.Context, info *common.HostInfo, creds *base.Credential) (*base.ExploitResult, error) {
	res, err := p.exploiter.Exploit(ctx, info, creds)
	return res, err
}
// GetExploitMethods returns the method list reported by the plugin's
// exploiter.
func (p *OraclePlugin) GetExploitMethods() []base.ExploitMethod {
	methods := p.exploiter.GetExploitMethods()
	return methods
}
// IsExploitSupported reports whether the plugin's exploiter supports the
// given exploit type.
func (p *OraclePlugin) IsExploitSupported(method base.ExploitType) bool {
	supported := p.exploiter.IsExploitSupported(method)
	return supported
}
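// performServiceIdentification checks whether the endpoint answers as an
// Oracle service without running the credential lists (Scan uses it when
// common.DisableBrute is set and as the fallback after all credentials fail).
//
// It opens one connection through a fresh Oracle connector. On success the
// result carries the connection's info string as banner plus the service
// name. On any failure it returns a ScanResult with Success=false; the
// returned error is always nil.
func (p *OraclePlugin) performServiceIdentification(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)

	connector := NewOracleConnector()
	conn, err := connector.Connect(ctx, info)
	if err == nil && conn != nil {
		// Release the connection on every path, including the case where it
		// is not an *OracleConnection (previously that path left it open).
		defer connector.Close(conn)

		if oracleConn, ok := conn.(*OracleConnection); ok {
			common.LogSuccess(i18n.GetText("oracle_service_identified", target, oracleConn.info))
			return &base.ScanResult{
				Success: true,
				Service: "Oracle",
				Banner:  oracleConn.info,
				Extra: map[string]interface{}{
					"service":      "Oracle",
					"port":         info.Ports,
					"info":         oracleConn.info,
					"service_name": oracleConn.serviceName,
				},
			}, nil
		}
	}

	// Connection failed or was of an unexpected type: report "not identified".
	return &base.ScanResult{
		Success: false,
		Error:   fmt.Errorf("无法识别为Oracle服务"),
	}, nil
}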
// =============================================================================
// Plugin registration
// =============================================================================

// RegisterOraclePlugin registers a factory for the Oracle plugin in
// base.GlobalPluginRegistry under the name "oracle". The factory creates a
// new plugin via NewOraclePlugin each time it is invoked.
func RegisterOraclePlugin() {
	meta := &base.PluginMetadata{
		Name:        "oracle",
		Version:     "2.0.0",
		Author:      "fscan-team",
		Description: "Oracle数据库扫描和利用插件",
		Category:    "service",
		Ports:       []int{1521, 1522, 1525}, // ports this plugin is registered for
		Protocols:   []string{"tcp"},
		Tags:        []string{"oracle", "database", "weak-password", "sysdba"},
	}

	// Constructor handed to the factory.
	build := func() base.Plugin {
		return NewOraclePlugin()
	}

	factory := base.NewSimplePluginFactory(meta, build)
	base.GlobalPluginRegistry.Register("oracle", factory)
}
// init registers the Oracle plugin automatically when the package is
// initialised, so importing the package is enough to make it available.
func init() {
	RegisterOraclePlugin()
}