rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

scanner/oracle/oracle_login - NoMethodError undefined method `doctype' for Rex::Parser::NmapXMLStreamParser #11063

Open bcoles opened 5 years ago

bcoles commented 5 years ago

msf5 auxiliary(scanner/oracle/oracle_login) > run

[*] Nmap: Setting up credential file...
[*] Nmap: Starting Oracle bruteforce with 568 credentials against SID 'XE'...
[*] Using RPORTS range 1521
[*] Nmap: Starting nmap with pid 53933
[*] Nmap: 'Warning: The -P0 option is deprecated. Please use -Pn'
[*] Nmap: Starting Nmap 7.70SVN ( https://nmap.org ) at 2018-12-03 20:42 EST
[*] Nmap: NSE: Loaded 1 scripts for scanning.
[*] Nmap: NSE: Script Pre-scanning.
[*] Nmap: Initiating NSE at 20:42
[*] Nmap: Completed NSE at 20:42, 0.00s elapsed
[*] Nmap: Initiating SYN Stealth Scan at 20:42
[*] Nmap: Scanning 2 hosts [1 port/host]
[*] Nmap: Discovered open port 1521/tcp on 123.123.123.123
[*] Nmap: Discovered open port 1521/tcp on 123.123.123.124
[*] Nmap: Completed SYN Stealth Scan at 20:42, 0.22s elapsed (2 total ports)
[*] Nmap: NSE: Script scanning 2 hosts.
[*] Nmap: Initiating NSE at 20:42
[*] Nmap: Completed NSE at 20:42, 0.04s elapsed
[*] Nmap: Nmap scan report for 123.123.123.123
[*] Nmap: Host is up (0.0031s latency).
[*] Nmap: PORT     STATE SERVICE
[*] Nmap: 1521/tcp open  oracle
[*] Nmap: Nmap scan report for 123.123.123.124
[*] Nmap: Host is up (0.0078s latency).
[*] Nmap: PORT     STATE SERVICE
[*] Nmap: 1521/tcp open  oracle
[*] Nmap: NSE: Script Post-scanning.
[*] Nmap: Initiating NSE at 20:42
[*] Nmap: Completed NSE at 20:42, 0.00s elapsed
[*] Nmap: Read data files from: /usr/local/bin/../share/nmap
[*] Nmap: Nmap done: 2 IP addresses (2 hosts up) scanned in 0.51 seconds
[*] Nmap: Raw packets sent: 2 (88B) | Rcvd: 2 (88B)
[-] Auxiliary failed: NoMethodError undefined method `doctype' for #<Rex::Parser::NmapXMLStreamParser:0x0000564f22cd1dc0>
[-] Call stack:
[-]   /usr/lib/ruby/2.5.0/rexml/parsers/streamparser.rb:44:in `parse'
[-]   /usr/lib/ruby/2.5.0/rexml/document.rb:242:in `parse_stream'
[-]   /pentest/exploits/metasploit-framework/lib/msf/core/auxiliary/nmap.rb:262:in `nmap_hosts'
[-]   /pentest/exploits/metasploit-framework/modules/auxiliary/scanner/oracle/oracle_login.rb:62:in `run'
[*] Auxiliary module execution completed

bcoles commented 5 years ago

I know other people have encountered this issue too.

@7043mcgeep As a resident Oracle Expert, would you mind also taking a look at this?

If you can post the XML logs from nmap, that might help narrow down the root cause.

The raw nmap command to run is built like this:

  def nmap_build_args(credpath)
    nmap_reset_args
    nmap_append_arg "-P0"
    nmap_append_arg "--script oracle-brute"
    script_args = [
      "tns.sid=#{sid}",
      "brute.mode=creds",
      "brute.credfile=#{credpath}",
      "brute.threads=1"
    ]
    script_args << "brute.delay=#{set_brute_delay}"
    nmap_append_arg "--script-args \"#{script_args.join(",")}\""
    nmap_append_arg "-n"
    nmap_append_arg "-v" if datastore['VERBOSE']
  end

So it probably looks something like this:

/path/to/nmap -P0 --script oracle-brute --script-args "tns.sid=XE,brute.mode=creds,brute.credfile=/tmp/somefile,brute.threads=1,brute.delay=0" -n -v -oX pleasepostthisfile.xml

7043mcgeep commented 5 years ago

@bcoles My run has a different issue:

...
[*] Nmap: Initiating NSE at 13:42
[*] Nmap: Completed NSE at 13:42, 0.00s elapsed
[*] Nmap: Read data files from: C:\Program Files (x86)\Nmap
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 2.08 seconds
[*] Nmap: Raw packets sent: 1 (44B) | Rcvd: 2 (88B)
[-] Nmap Warning: Output file is empty, no useful results can be processed.
[-] Auxiliary failed: RuntimeError data cannot be empty
[-] Call stack:
[-]   /home/me/git/metasploit-framework/vendor/ruby/2.6.0/gems/nokogiri-1.10.1/lib/nokogiri/xml/sax/parser.rb:108:in `memory'
[-]   /home/me/git/metasploit-framework/vendor/ruby/2.6.0/gems/nokogiri-1.10.1/lib/nokogiri/xml/sax/parser.rb:108:in `parse_memory'
[-]   /home/me/git/metasploit-framework/vendor/ruby/2.6.0/gems/nokogiri-1.10.1/lib/nokogiri/xml/sax/parser.rb:83:in `parse'
[-]   /home/me/git/metasploit-framework/lib/msf/core/db_manager/import/nmap.rb:12:in `import_nmap_noko_stream'
[-]   /home/me/git/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:136:in `method_missing'
[-]   /home/me/git/metasploit-framework/lib/msf/core/auxiliary/nmap.rb:248:in `nmap_hosts'
[-]   /home/me/git/metasploit-framework/modules/auxiliary/scanner/oracle/oracle_login.rb:62:in `run'
[*] Auxiliary module execution completed

Thrown off by this one.
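
Added example, not part of the thread and not Metasploit's code: a minimal Ruby reproduction of the two failure modes in the traces above, where REXML's stream parser calls a `doctype` callback the listener does not define, and where the scan output is empty. `HostCollector`, `BareListener`, `TolerantListener`, `parse_hosts` and the sample XML are hypothetical and constructed here; the example assumes nmap's `-oX` output carries a `<!DOCTYPE nmaprun>` declaration.

```ruby
require 'rexml/document'
require 'rexml/streamlistener'

# Constructed sample shaped like `nmap -oX` output (documentation-range address).
SAMPLE_XML = <<~XML
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE nmaprun>
  <nmaprun scanner="nmap">
    <host><address addr="192.0.2.10" addrtype="ipv4"/>
      <ports><port protocol="tcp" portid="1521"><state state="open"/></port></ports>
    </host>
  </nmaprun>
XML

# Hypothetical callback shared by both listeners: collect host addresses.
module HostCollector
  def hosts
    @hosts ||= []
  end

  def tag_start(name, attrs)
    hosts << attrs['addr'] if name == 'address'
  end
end

# Hypothetical listener that hand-writes only some callbacks and has no `doctype`.
class BareListener
  include HostCollector
  def tag_end(name); end
  def text(str); end
  def xmldecl(*args); end
end

# Same collector, with REXML::StreamListener supplying no-op defaults for
# every event the class does not handle (doctype, instruction, comment, ...).
class TolerantListener
  include REXML::StreamListener
  include HostCollector # included last so its tag_start wins over the no-op
end

# Parse scan output defensively: empty output yields no hosts instead of a
# parser exception, and a missing callback is reported by name.
def parse_hosts(data, listener)
  return { hosts: [], error: 'empty nmap output' } if data.nil? || data.strip.empty?
  REXML::Document.parse_stream(data, listener)
  { hosts: listener.hosts, error: nil }
rescue NoMethodError => e
  { hosts: listener.hosts, error: "listener lacks ##{e.name}" }
end
```

The stream parser dispatches every event to the listener, so any callback left undefined fails only once the input contains that construct.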

github-actions[bot] commented 3 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

bcoles commented 3 years ago

Removing the stale label. This is probably still a bug, but there's no appetite to fix it.

Ayodub commented 2 years ago

Hi, this bug still seems to exist in the latest version of Metasploit, with the same errors as shown above.