Library tns

TNS Library supporting a very limited subset of Oracle operations

Summary
-------

The library currently provides functionality to connect and authenticate to the Oracle database server. Some preliminary query support has been added, which only works against a few specific versions. The library has been tested against, and is known to work with, Oracle 10g and 11g. Please check the matrix below for tested versions that are known to work.

Due to the lack of documentation the library is based mostly on guesswork with a lot of unknowns. Bug reports are therefore both welcome and important in order to further improve this library. In addition, knowing that the library works against versions not in the test matrix is valuable as well.

Overview
--------

The library contains the following classes:

o Packet.* - The Packet classes contain specific packets and functions to serialize them to strings that can be sent over the wire. Each class may also contain a function to parse the server's response.

o Comm - Implements a number of functions to handle communication

o Crypt - Implements encryption algorithms and functions to support authentication with Oracle 10G and Oracle 11G.

o Helper - A helper class that provides easy access to the rest of the library

Example
-------

The following sample code illustrates how scripts can use the Helper class to interface with the library:

tnshelper = tns.Helper:new(host, port)
status, err = tnshelper:Connect()
status, res = tnshelper:Login("sys", "change_on_install")
status, err = tnshelper:Close()
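
The same calls as a complete NSE script that checks every return status and closes the connection on each path; this is an added example, not part of tns.lua or the Nmap distribution. The script-argument names `tns-example.user` and `tns-example.pass` and the sample query are assumptions; only `tns.sid` and the Helper methods come from this page.

```lua
-- Added example script; not shipped with Nmap.
local shortport = require "shortport"
local stdnse = require "stdnse"
local tns = require "tns"

description = [[Logs in with operator-supplied credentials and prints query rows.]]
categories = {"discovery", "safe"}

portrule = shortport.port_or_service(1521, "oracle-tns", "tcp", "open")

action = function(host, port)
  -- Hypothetical argument names; tns.sid is the library's documented argument.
  local user = stdnse.get_script_args("tns-example.user")
  local pass = stdnse.get_script_args("tns-example.pass")
  local sid = stdnse.get_script_args("tns.sid")
  if not (user and pass) then
    return "tns-example.user and tns-example.pass are required"
  end

  local helper = tns.Helper:new(host, port, sid)
  local status, err = helper:Connect()
  if not status then
    return ("Connect failed: %s"):format(tostring(err))
  end

  status, err = helper:Login(user, pass)
  if not status then
    helper:Close()
    return ("Login failed: %s"):format(tostring(err))
  end

  -- Query support is preliminary and only works against some versions,
  -- so a failure here does not mean the login was rejected.
  local result, qerr
  status, result, qerr = helper:Query("SELECT banner FROM v$version")
  helper:Close()
  if not status then
    return ("Query failed: %s"):format(tostring(qerr or result))
  end

  -- result.columns holds the column names; each entry of result.rows is a
  -- column-indexed table of values, as described under parseResponse.
  local out = {}
  for _, row in ipairs(result.rows) do
    local cells = {}
    for i, value in ipairs(row) do
      cells[#cells + 1] = ("%s=%s"):format(tostring(result.columns[i]), tostring(value))
    end
    out[#out + 1] = table.concat(cells, ", ")
  end
  return table.concat(out, "\n")
end
```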

Additional information
----------------------

The implementation is based on the following documentation and on analysis of packet dumps:

o Oracle 10g TNS AES-128 authentication details (Massimiliano Montoro)
  x http://www.oxid.it/downloads/oracle_tns_aes128_check.txt
o Oracle 11g TNS AES-192 authentication details (Massimiliano Montoro)
  x http://www.oxid.it/downloads/oracle_tns_aes192_check.txt
o Initial analysis of Oracle native authentication version 11g (László Tóth)
  x http://www.soonerorlater.hu/index.khtml?article_id=512
o Oracle native authentication version 9i and 10g (László Tóth)
  x http://www.soonerorlater.hu/index.khtml?article_id=511

This implementation is tested and known to work against Oracle 10g and 11g on both Linux and Windows. For details regarding which versions were tested, please consult the matrix below.

Author:

  • Patrik Karlsson <patrik@cqure.net>

Copyright © Same as Nmap--See https://nmap.org/book/man-legal.html

Source: https://svn.nmap.org/nmap/nselib/tns.lua

Script Arguments

tns.sid

specifies the Oracle instance to connect to

Functions

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Close (self)

Ends the Oracle communication

Connect (self)

Connects and performs protocol negotiation with the Oracle server

Encrypt10g (self, user, pass, srv_sesskey_enc)

Performs the relevant encryption needed for the Oracle 10g response

Encrypt11g (self, pass, srv_sesskey_enc, auth_vrfy_data)

Performs the relevant encryption needed for the Oracle 11g response

exchTNSPacket (self, pkt)

Sends a TNS packet and receives (and handles) the response

getCounter (self)

Gets the current counter value

handleMarker (self)

Handles communication when a MARKER packet is received and retrieves the following error message

HashPassword10g (self, username, password)

Creates an Oracle 10G password hash

Login (self, user, password, pass)

Authenticates to the database

lsnrCtl (self, cmd)

Sends a command to the TNS lsnr. It currently accepts and tries to send all commands received.

marshalKvp (key, value, flags)

Marshals a TNS key-value pair data structure

marshalKvpComponent (value)

Marshals a key or value element from a TNS key-value pair data structure

new (self, host, port, instance, socket)

Creates a new Helper instance

parseResponse (self, tns)

Parses the Query response from the server

Query (self, query)

Queries the database

recv (self)

Reads a TNS packet off the socket

recvTNSPacket (self)

Receives a TNS packet and handles TNS-resends

sendTNSPacket (self, pkt)

Attempts to send a TNS packet over the socket

setCounter (self, counter)

Sets the current counter value. This function is called from sendTNSPacket.

StealthLogin (self, user, password, pass)

Steal auth data from database

unmarshalKvp (data, pos)

Parses a TNS key-value pair data structure.

unmarshalKvpComponent (data, pos)

Parses a key or value element from a TNS key-value pair data structure.

Functions

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self
 

Return value:

str string containing the serialized packet
Close (self)

Ends the Oracle communication

Parameters

self
 
Connect (self)

Connects and performs protocol negotiation with the Oracle server

Parameters

self
 

Return values:

  1. true on success, false on failure
  2. err containing error message when status is false
Encrypt10g (self, user, pass, srv_sesskey_enc)

Performs the relevant encryption needed for the Oracle 10g response

Parameters

self
 
user
containing the Oracle user name
pass
containing the Oracle user password
srv_sesskey_enc
containing the encrypted server session key as received from the PreAuth packet

Return values:

  1. cli_sesskey_enc the encrypted client session key
  2. auth_pass the encrypted Oracle password
Encrypt11g (self, pass, srv_sesskey_enc, auth_vrfy_data)

Performs the relevant encryption needed for the Oracle 11g response

Parameters

self
 
pass
containing the Oracle user password
srv_sesskey_enc
containing the encrypted server session key as received from the PreAuth packet
auth_vrfy_data
containing the password salt as received from the PreAuth packet

Return values:

  1. cli_sesskey_enc the encrypted client session key
  2. auth_pass the encrypted Oracle password
exchTNSPacket (self, pkt)

Sends a TNS packet and receives (and handles) the response

Parameters

self
 
pkt
containing the Packet.* to send to the server

Return values:

  1. status true on success, false on failure
  2. the parsed response as returned from the respective parseResponse function or error message if status was false
getCounter (self)

Gets the current counter value

Parameters

self
 

Return value:

counter number containing the current counter value
handleMarker (self)

Handles communication when a MARKER packet is received and retrieves the following error message

Parameters

self
 

Return values:

  1. false always to indicate that an error occurred
  2. msg containing the error message
HashPassword10g (self, username, password)

Creates an Oracle 10G password hash

Parameters

self
 
username
containing the Oracle user name
password
containing the Oracle user password

Return value:

hash containing the Oracle hash
Login (self, user, password, pass)

Authenticates to the database

Parameters

self
 
user
containing the Oracle user name
password
 
pass
containing the Oracle user password

Return values:

  1. true on success, false on failure
  2. err containing error message when status is false
lsnrCtl (self, cmd)

Sends a command to the TNS lsnr. It currently accepts and tries to send all commands received.

Parameters

self
 
cmd
string containing the command to send to the server

Return value:

data string containing the result received from the server
marshalKvp (key, value, flags)

Marshals a TNS key-value pair data structure

Parameters

key
The key
value
The value
flags
The flags

Return value:

A binary packed string representing the KVP structure
marshalKvpComponent (value)

Marshals a key or value element from a TNS key-value pair data structure

Parameters

value
The key or value

Return value:

A binary packed string representing the element
new (self, host, port, instance, socket)

Creates a new Helper instance

Parameters

self
 
host
table containing the host table as received by action
port
table containing the port table as received by action
instance
string containing the instance name
socket
 

Return value:

o new instance of Helper
parseResponse (self, tns)

Parses the Query response from the server

Parameters

self
 
tns
response as received from the Comm.recvTNSPacket function.

Return value:

result table containing:
  columns - a column indexed table with the column names
  types - a column indexed table with the data types
  rows - a table containing a row table for each row; the row table is a column indexed table of column values
Query (self, query)

Queries the database

Parameters

self
 
query
string containing the SQL query

Return values:

  1. true on success, false on failure
  2. result table containing fields rows columns
  3. err containing error message when status is false
recv (self)

Reads a TNS packet off the socket

Parameters

self
 

Return values:

  1. true on success, false on failure
  2. err string containing error message on failure
recvTNSPacket (self)

Receives a TNS packet and handles TNS-resends

Parameters

self
 

Return values:

  1. status true on success, false on failure
  2. tns Packet.TNS containing the received packet or err on failure
sendTNSPacket (self, pkt)

Attempts to send a TNS packet over the socket

Parameters

self
 
pkt
containing an instance of a Packet.*

Return values:

  1. Status (true or false).
  2. Error code (if status is false).
setCounter (self, counter)

Sets the current counter value. This function is called from sendTNSPacket.

Parameters

self
 
counter
number containing the counter value to set
StealthLogin (self, user, password, pass)

Steal auth data from database

Parameters

self
 
user
containing the Oracle user name
password
 
pass
containing the Oracle user password

Return values:

  1. true on success, false on failure
  2. err containing error message when status is false
unmarshalKvp (data, pos)

Parses a TNS key-value pair data structure.

Parameters

data
Packed string to parse
pos
Position in the string at which the KVP begins

Return value:

table containing the last position read, the key, the value, and the KVP flags
unmarshalKvpComponent (data, pos)

Parses a key or value element from a TNS key-value pair data structure.

Parameters

data
Packed string to parse
pos
Position in the string at which the element begins

Return value:

table containing the last position read and the value parsed