Library tns

TNS Library supporting a very limited subset of Oracle operations

Summary ------- The library currently provides functionality to connect and authenticate to the Oracle database server. Some preliminary query support has been added, which only works against a few specific versions. The library has been tested against and known to work with Oracle 10g and 11g. Please check the matrix below for tested versions that are known to work.

Due to the lack of documentation the library is based mostly on guesswork with a lot of unknowns. Bug reports are therefore both welcome and important in order to further improve this library. In addition, knowing that the library works against versions not in the test matrix is valuable as well.

Overview -------- The library contains the following classes:

o Packet.* - The Packet classes contain specific packets and function to serialize them to strings that can be sent over the wire. Each class may also contain a function to parse the servers response.

o Comm - Implements a number of functions to handle communication

o Crypt - Implements encryption algorithms and functions to support authentication with Oracle 10G and Oracle 11G.

o Helper - A helper class that provides easy access to the rest of the library

Example ------- The following sample code illustrates how scripts can use the Helper class to interface the library:

tnshelper = tns.Helper:new(host, port)
status, err = tnshelper:Connect()
status, res = tnshelper:Login("sys", "change_on_install")
status, err = tnshelper:Close()

Additional information ---------------------- The implementation is based on the following documentation and through analysis of packet dumps:

o Oracle 10g TNS AES-128 authentication details (Massimiliano Montoro) x http://www.oxid.it/downloads/oracle_tns_aes128_check.txt o Oracle 11g TNS AES-192 authentication details (Massimiliano Montoro) x http://www.oxid.it/downloads/oracle_tns_aes192_check.txt o Initial analysis of Oracle native authentication version 11g (László Tóth) x http://www.soonerorlater.hu/index.khtml?article_id=512 o Oracle native authentication version 9i and 10g (László Tóth) x http://www.soonerorlater.hu/index.khtml?article_id=511

This implementation is tested and known to work against Oracle 10g and 11g on both Linux and Windows. For details regarding what versions where tested please consult the matrix below.

Author:

• Patrik Karlsson <patrik@cqure.net>

Copyright © Same as Nmap--See https://nmap.org/book/man-legal.html

Source: https://svn.nmap.org/nmap/nselib/tns.lua

Script Arguments

tns.sid

specifies the Oracle instance to connect to

Functions

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Close (self)

Ends the Oracle communication

Connect (self)

Connects and performs protocol negotiation with the Oracle server

Encrypt10g (self, user, pass, srv_sesskey_enc)

Performs the relevant encryption needed for the Oracle 10g response

Encrypt11g (self, pass, srv_sesskey_enc, auth_vrfy_data)

Performs the relevant encryption needed for the Oracle 11g response

exchTNSPacket (self, pkt)

Sends a TNS packet and receives (and handles) the response

getCounter (self)

Gets the current counter value

getCounter (self)

Gets the current counter value

handleMarker (self)

Handles communication when a MARKER packet is received and retrieves the following error message

HashPassword10g (self, username, password)

Creates an Oracle 10G password hash

Login (self, user, password, pass)

Authenticates to the database

lsnrCtl (self, cmd)

Sends a command to the TNS lsnr It currently accepts and tries to send all commands received

marshalKvp (key, value, flags)

Marshals a TNS key-value pair data structure

marshalKvpComponent (value)

Marshals a key or value element from a TNS key-value pair data structure

new (self, host, port, instance, socket)

Creates a new Helper instance

new (self, host, port, instance, socket)

Creates a new Helper instance

new (self, host, port, instance, socket)

Creates a new Helper instance

new (self, host, port, instance, socket)

Creates a new Helper instance

new (self, host, port, instance, socket)

Creates a new Helper instance

new (self, host, port, instance, socket)

Creates a new Helper instance

new (self, host, port, instance, socket)

Creates a new Helper instance

parseResponse (self, tns)

Parses the Query response from the server

parseResponse (self, tns)

Parses the Query response from the server

parseResponse (self, tns)

Parses the Query response from the server

parseResponse (self, tns)

Parses the Query response from the server

Query (self, query)

Queries the database

recv (self)

Read a TNS packet of the socket

recvTNSPacket (self)

Receives a TNS packet and handles TNS-resends

sendTNSPacket (self, pkt)

Attemts to send a TNS packet over the socket

setCounter (self, counter)

Sets the current counter value This function is called from sendTNSPacket

setCounter (self, counter)

Sets the current counter value This function is called from sendTNSPacket

StealthLogin (self, user, password, pass)

Steal auth data from database

unmarshalKvp (data, pos)

Parses a TNS key-value pair data structure.

unmarshalKvpComponent (data, pos)

Parses a key or value element from a TNS key-value pair data structure.

Functions

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

__tostring (self)

Serializes the packet into a string suitable to be sent to the DB server.

Parameters

self

 

Return value:

str string containing the serialized packet

Close (self)

Ends the Oracle communication

Parameters

self

 

Connect (self)

Connects and performs protocol negotiation with the Oracle server

Parameters

self

 

Return values:

1. true on success, false on failure
2. err containing error message when status is false

Encrypt10g (self, user, pass, srv_sesskey_enc)

Performs the relevant encryption needed for the Oracle 10g response

Parameters

self

 

user

containing the Oracle user name

pass

containing the Oracle user password

srv_sesskey_enc

containing the encrypted server session key as received from the PreAuth packet

Return values:

1. cli_sesskey_enc the encrypted client session key
2. auth_pass the encrypted Oracle password

Encrypt11g (self, pass, srv_sesskey_enc, auth_vrfy_data)

Performs the relevant encryption needed for the Oracle 11g response

Parameters

self

 

pass

containing the Oracle user password

srv_sesskey_enc

containing the encrypted server session key as received from the PreAuth packet

auth_vrfy_data

containing the password salt as received from the PreAuth packet

Return values:

1. cli_sesskey_enc the encrypted client session key
2. auth_pass the encrypted Oracle password

exchTNSPacket (self, pkt)

Sends a TNS packet and receives (and handles) the response

Parameters

self

 

pkt

containing the Packet.* to send to the server

Return values:

1. status true on success, false on failure
2. the parsed response as return from the respective parseResponse function or error message if status was false

getCounter (self)

Gets the current counter value

Parameters

self

 

Return value:

counter number containing the current counter value

getCounter (self)

Gets the current counter value

Parameters

self

 

Return value:

counter number containing the current counter value

handleMarker (self)

Handles communication when a MARKER packet is received and retrieves the following error message

Parameters

self

 

Return values:

1. false always to indicate that an error occurred
2. msg containing the error message

HashPassword10g (self, username, password)

Creates an Oracle 10G password hash

Parameters

self

 

username

containing the Oracle user name

password

containing the Oracle user password

Return value:

hash containing the Oracle hash

Login (self, user, password, pass)

Authenticates to the database

Parameters

self

 

user

containing the Oracle user name

password

 

pass

containing the Oracle user password

Return values:

1. true on success, false on failure
2. err containing error message when status is false

lsnrCtl (self, cmd)

Sends a command to the TNS lsnr It currently accepts and tries to send all commands received

Parameters

self

 

cmd

string containing the command to send to the server

Return value:

data string containing the result received from the server

marshalKvp (key, value, flags)

Marshals a TNS key-value pair data structure

Parameters

key

The key

value

The value

flags

The flags

Return value:

A binary packed string representing the KVP structure

marshalKvpComponent (value)

Marshals a key or value element from a TNS key-value pair data structure

Parameters

value

The key or value

Return value:

A binary packed string representing the element

new (self, host, port, instance, socket)

Creates a new Helper instance

Parameters

self

 

host

table containing the host table as received by action

port

table containing the port table as received by action

instance

string containing the instance name

socket

 

Return value:

o new instance of Helper

new (self, host, port, instance, socket)

Creates a new Helper instance

Parameters

self

 

host

table containing the host table as received by action

port

table containing the port table as received by action

instance

string containing the instance name

socket

 

Return value:

o new instance of Helper

new (self, host, port, instance, socket)

Creates a new Helper instance

Parameters

self

 

host

table containing the host table as received by action

port

table containing the port table as received by action

instance

string containing the instance name

socket

 

Return value:

o new instance of Helper

new (self, host, port, instance, socket)

Creates a new Helper instance

Parameters

self

 

host

table containing the host table as received by action

port

table containing the port table as received by action

instance

string containing the instance name

socket

 

Return value:

o new instance of Helper

new (self, host, port, instance, socket)

Creates a new Helper instance

Parameters

self

 

host

table containing the host table as received by action

port

table containing the port table as received by action

instance

string containing the instance name

socket

 

Return value:

o new instance of Helper

new (self, host, port, instance, socket)

Creates a new Helper instance

Parameters

self

 

host

table containing the host table as received by action

port

table containing the port table as received by action

instance

string containing the instance name

socket

 

Return value:

o new instance of Helper

new (self, host, port, instance, socket)

Creates a new Helper instance

Parameters

self

 

host

table containing the host table as received by action

port

table containing the port table as received by action

instance

string containing the instance name

socket

 

Return value:

o new instance of Helper

parseResponse (self, tns)

Parses the Query response from the server

Parameters

self

 

tns

response as received from the Comm.recvTNSPacket function.

Return value:

result table containing: columns - a column indexed table with the column names types - a column indexed table with the data types rows - a table containing a row table for each row the row table is a column indexed table of column values.

parseResponse (self, tns)

Parses the Query response from the server

Parameters

self

 

tns

response as received from the Comm.recvTNSPacket function.

Return value:

result table containing: columns - a column indexed table with the column names types - a column indexed table with the data types rows - a table containing a row table for each row the row table is a column indexed table of column values.

parseResponse (self, tns)

Parses the Query response from the server

Parameters

self

 

tns

response as received from the Comm.recvTNSPacket function.

Return value:

result table containing: columns - a column indexed table with the column names types - a column indexed table with the data types rows - a table containing a row table for each row the row table is a column indexed table of column values.

parseResponse (self, tns)

Parses the Query response from the server

Parameters

self

 

tns

response as received from the Comm.recvTNSPacket function.

Return value:

result table containing: columns - a column indexed table with the column names types - a column indexed table with the data types rows - a table containing a row table for each row the row table is a column indexed table of column values.

Query (self, query)

Queries the database

Parameters

self

 

query

string containing the SQL query

Return values:

1. true on success, false on failure
2. result table containing fields rows columns
3. err containing error message when status is false

recv (self)

Read a TNS packet of the socket

Parameters

self

 

Return values:

1. true on success, false on failure
2. err string containing error message on failure

recvTNSPacket (self)

Receives a TNS packet and handles TNS-resends

Parameters

self

 

Return values:

1. status true on success, false on failure
2. tns Packet.TNS containing the received packet or err on failure

sendTNSPacket (self, pkt)

Attemts to send a TNS packet over the socket

Parameters

self

 

pkt

containing an instance of a Packet.*

Return values:

1. Status (true or false).
2. Error code (if status is false).

setCounter (self, counter)

Sets the current counter value This function is called from sendTNSPacket

Parameters

self

 

counter

number containing the counter value to set

setCounter (self, counter)

Sets the current counter value This function is called from sendTNSPacket

Parameters

self

 

counter

number containing the counter value to set

StealthLogin (self, user, password, pass)

Steal auth data from database

Parameters

self

 

user

containing the Oracle user name

password

 

pass

containing the Oracle user password

Return values:

1. true on success, false on failure
2. err containing error message when status is false

unmarshalKvp (data, pos)

Parses a TNS key-value pair data structure.

Parameters

data

Packed string to parse

pos

Position in the string at which the KVP begins

Return value:

table containing the last position read, the key, the value, and the KVP flags

unmarshalKvpComponent (data, pos)

Parses a key or value element from a TNS key-value pair data structure.

Parameters

data

Packed string to parse

pos

Position in the string at which the element begins

Return value:

table containing the last position read and the value parsed