Jump to content

Auxiliary failed with "nomethoderror undefined method 'doctype'


Recommended Posts

Posted

Hello,

to be honest, i`m new in kali linux, thus im asking for understanding. Im trying to exploit Oracle database with metasploit module "oracle_login" and it ends with following statement

msf auxiliary(oracle_login) > run


[*] Nmap: Setting up credential file...
[*] Nmap: Starting Oracle bruteforce with 568 credentials against SID 'XE'...
[-] Missing RPORTS
[-] Auxiliary failed: RuntimeError Cannot continue without a valid port list.
[-] Call stack:
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/nmap.rb:162:in `nmap_add_ports'
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/nmap.rb:48:in `set_nmap_cmd'
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/nmap.rb:91:in `nmap_run'
[-]   /usr/share/metasploit-framework/modules/auxiliary/scanner/oracle/oracle_login.rb:62:in `run'
[*] Auxiliary module execution completed
msf auxiliary(oracle_login) > set SID ncia11
SID => ncia11
msf auxiliary(oracle_login) > set RPORTS 1521
RPORTS => 1521
msf auxiliary(oracle_login) > run

[*] Nmap: Setting up credential file...
[*] Nmap: Starting Oracle bruteforce with 568 credentials against SID 'ncia11'...
[*] Using RPORTS range 1521
[*] Nmap: Starting nmap with pid 1514
[*] Nmap: 'Warning: The -P0 option is deprecated. Please use -Pn'
[*] Nmap: Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-18 11:35 CEST
[*] Nmap: NSE: Loaded 1 scripts for scanning.
[*] Nmap: NSE: Script Pre-scanning.
[*] Nmap: Initiating NSE at 11:35
[*] Nmap: Completed NSE at 11:35, 0.00s elapsed
[*] Nmap: Initiating ARP Ping Scan at 11:35
[*] Nmap: Scanning 192.168.137.148 [1 port]
[*] Nmap: Completed ARP Ping Scan at 11:35, 0.02s elapsed (1 total hosts)
[*] Nmap: Initiating SYN Stealth Scan at 11:35
[*] Nmap: Scanning 192.168.137.148 [1 port]
[*] Nmap: Discovered open port 1521/tcp on 192.168.137.148
[*] Nmap: Completed SYN Stealth Scan at 11:35, 0.00s elapsed (1 total ports)
[*] Nmap: NSE: Script scanning 192.168.137.148.
[*] Nmap: Initiating NSE at 11:35
[*] Nmap: Completed NSE at 11:35, 0.04s elapsed
[*] Nmap: Nmap scan report for 192.168.137.148
[*] Nmap: Host is up (0.0033s latency).
[*] Nmap: PORT     STATE SERVICE
[*] Nmap: 1521/tcp open  oracle
[*] Nmap: MAC Address: 00:15:5D:6E:63:11 (Microsoft)
[*] Nmap: NSE: Script Post-scanning.
[*] Nmap: Initiating NSE at 11:35
[*] Nmap: Completed NSE at 11:35, 0.00s elapsed
[*] Nmap: Read data files from: /usr/bin/../share/nmap
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 0.65 seconds
[*] Nmap: Raw packets sent: 2 (72B) | Rcvd: 2 (72B)
[-] Auxiliary failed: NoMethodError undefined method `doctype' for #<Rex::Parser::NmapXMLStreamParser:0x0055cabb8f8988>
[-] Call stack:
[-]   /usr/lib/ruby/2.3.0/rexml/parsers/streamparser.rb:36:in `parse'
[-]   /usr/lib/ruby/2.3.0/rexml/document.rb:242:in `parse_stream'
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/nmap.rb:262:in `nmap_hosts'
[-]   /usr/share/metasploit-framework/modules/auxiliary/scanner/oracle/oracle_login.rb:65:in `run'
[*] Auxiliary module execution completed

[/CODE]


I have set RHOST, correct RPORTS and correct SID for the database (which is located at 192.168.137.148).

[B]uname -a[/B]
[CODE]
uname -a
Linux kali 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 GNU/Linux
[/CODE]
[B]lsb_release -a
[/B][CODE]lsb_release -a
No LSB modules are available.
Distributor ID:    Kali
Description:    Kali GNU/Linux Rolling
Release:    kali-rolling
Codename:    kali-rolling
[/CODE]
[B]ifconfig
[/B][CODE]ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.137.105  netmask 255.255.255.0  broadcast 192.168.137.255
        inet6 fe80::ed6a:6174:2190:25d5  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:6e:63:1d  txqueuelen 1000  (Ethernet)
        RX packets 9810  bytes 10043669 (9.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7180  bytes 798373 (779.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[/CODE]
[B]metasploit version
[/B]metasploit v4.14.10-dev  

Does anybody know what does it mean "undefined method 'doctype'?

streamparser.rb code
[CODE]# frozen_string_literal: false
require "rexml/parsers/baseparser"

module REXML
  module Parsers
    class StreamParser
      def initialize source, listener
        @listener = listener
        @parser = BaseParser.new( source )
      end

      def add_listener( listener )
        @parser.add_listener( listener )
      end

      def parse
        # entity string
        while true
          event = @parser.pull
          case event[0]
          when :end_document
            return
          when :start_element
            attrs = event[2].each do |n, v|
              event[2][n] = @parser.unnormalize( v )
            end
            @listener.tag_start( event[1], attrs )
          when :end_element
            @listener.tag_end( event[1] )
          when :text
            normalized = @parser.unnormalize( event[1] )
            @listener.text( normalized )
          when :processing_instruction
            @listener.instruction( *event[1,2] )
          when :start_doctype
            @listener.doctype( *event[1..-1] )
          when :end_doctype
            # FIXME: remove this condition for milestone:3.2
            @listener.doctype_end if @listener.respond_to? :doctype_end
          when :comment, :attlistdecl, :cdata, :xmldecl, :elementdecl
            @listener.send( event[0].to_s, *event[1..-1] )
          when :entitydecl, :notationdecl
            @listener.send( event[0].to_s, event[1..-1] )
          when :externalentity
            entity_reference = event[1]
            content = entity_reference.gsub(/\A%|;\z/, "")
            @listener.entity(content)
          end
        end
      end
    end
  end
end[/CODE]

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...