Path: blob/master/plugins/dbms/oracle/fingerprint.py
#!/usr/bin/env python

"""
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""

import re

from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import FORK
from lib.core.enums import HASHDB_KEYS
from lib.core.session import setDbms
from lib.core.settings import ORACLE_ALIASES
from lib.request import inject
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint

class Fingerprint(GenericFingerprint):
    """
    Oracle flavour of the generic fingerprint plugin.

    Identification relies on boolean expressions handed to
    inject.checkBooleanExpression(); every probe expression is a string
    literal in this class.

    NOTE(review): because the probe texts are fixed literals, they are
    usable as signatures in database audit logs or WAF rules, allowing for
    any substitution or encoding applied downstream of this class
    """

    def __init__(self):
        # Register this plugin with the generic base under the Oracle identifier
        GenericFingerprint.__init__(self, DBMS.ORACLE)

    def getFingerprint(self):
        """
        Assemble and return the fingerprint report as a single string.

        Without conf.extensiveFp the report ends with the DBMS name (plus
        the fork, when one was detected). With it, the report lists the
        active fingerprint followed by the banner, HTML error message and
        fork fingerprints that are available.
        """

        fork = hashDBRetrieve(HASHDB_KEYS.DBMS_FORK)

        if fork is None:
            # Nothing stored under DBMS_FORK yet: probe once and store the
            # answer (an empty string records "no fork")
            fork = FORK.DM8 if inject.checkBooleanExpression("NULL_EQU(NULL,NULL)=1") else ""
            hashDBWrite(HASHDB_KEYS.DBMS_FORK, fork)

        pieces = []

        webServerOs = Format.getOs("web server", kb.headersFp)
        if webServerOs:
            pieces.append("%s\n" % webServerOs)

        if kb.data.banner:
            dbmsOs = Format.getOs("back-end DBMS", kb.bannerFp)
            if dbmsOs:
                pieces.append("%s\n" % dbmsOs)

        pieces.append("back-end DBMS: ")
        report = "".join(pieces)

        if not conf.extensiveFp:
            # Short form: name only, optionally tagged with the fork
            report = report + DBMS.ORACLE
            if fork:
                report = report + " (%s fork)" % fork
            return report

        report = report + "active fingerprint: %s" % Format.getDbms()

        # Continuation lines are indented by 15 spaces
        indent = " " * 15

        if kb.bannerFp:
            bannerVersion = kb.bannerFp.get("dbmsVersion")
            if bannerVersion:
                report = report + "\n%sbanner parsing fingerprint: %s" % (indent, Format.getDbms([bannerVersion]))

        errorPageFp = Format.getErrorParsedDBMSes()
        if errorPageFp:
            report = report + "\n%shtml error message fingerprint: %s" % (indent, errorPageFp)

        if fork:
            report = report + "\n%sfork fingerprint: %s" % (indent, fork)

        return report

    def checkDbms(self):
        """
        Decide whether the back-end DBMS is Oracle.

        Returns True when Oracle is accepted and False when either probe
        fails. With conf.extensiveFp set, a successful check is followed by
        a major-version sweep; if no candidate matches, the version is left
        unset and True is still returned.

        NOTE(review): with conf.direct set both probes are skipped and
        treated as successful, so in that mode Oracle is accepted here
        without being tested
        """

        # Shortcut: no extensive fingerprint requested and
        # Backend.isDbmsWithin(ORACLE_ALIASES) holds
        # (presumably the DBMS is already known or forced - confirm in Backend)
        if not conf.extensiveFp and Backend.isDbmsWithin(ORACLE_ALIASES):
            setDbms(DBMS.ORACLE)
            self.getBanner()
            return True

        logger.info("testing %s" % DBMS.ORACLE)

        # NOTE: SELECT LENGTH(SYSDATE)=LENGTH(SYSDATE) FROM DUAL does
        # not work connecting directly to the Oracle database
        looksLikeOracle = True if conf.direct else inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)")

        if not looksLikeOracle:
            logger.warning("the back-end DBMS is not %s" % DBMS.ORACLE)
            return False

        logger.info("confirming %s" % DBMS.ORACLE)

        # NOTE: SELECT NVL(RAWTOHEX([RANDNUM1]),[RANDNUM1])=RAWTOHEX([RANDNUM1]) FROM DUAL does
        # not work connecting directly to the Oracle database
        confirmed = True if conf.direct else inject.checkBooleanExpression("NVL(RAWTOHEX([RANDNUM1]),[RANDNUM1])=RAWTOHEX([RANDNUM1])")

        if not confirmed:
            logger.warning("the back-end DBMS is not %s" % DBMS.ORACLE)
            return False

        setDbms(DBMS.ORACLE)
        self.getBanner()

        if not conf.extensiveFp:
            return True

        logger.info("actively fingerprinting %s" % DBMS.ORACLE)

        # Reference: https://en.wikipedia.org/wiki/Oracle_Database
        # Candidates are tried newest first and the first match wins
        for version in ("23c", "21c", "19c", "18c", "12c", "11g", "10g", "9i", "8i", "7"):
            number = int(re.search(r"([\d]+)", version).group(1))

            # Single-digit majors are compared against one leading
            # character of VERSION, the others against two
            prefixLength = 1 if number < 10 else 2

            if inject.checkBooleanExpression("%d=(SELECT SUBSTR((VERSION),1,%d) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1)" % (number, prefixLength)):
                Backend.setVersion(version)
                break

        return True

    def forceDbmsEnum(self):
        """
        Upper-case the configured database and table names when they are set.
        """

        for option in ("db", "tbl"):
            current = getattr(conf, option)

            if current:
                setattr(conf, option, current.upper())