Jump to content

Auxiliary failed with "nomethoderror undefined method 'doctype'


pdobrzyn

Recommended Posts

Hello,

to be honest, i`m new in kali linux, thus im asking for understanding. Im trying to exploit Oracle database with metasploit module "oracle_login" and it ends with following statement

msf auxiliary(oracle_login) > run


[*] Nmap: Setting up credential file...
[*] Nmap: Starting Oracle bruteforce with 568 credentials against SID 'XE'...
[-] Missing RPORTS
[-] Auxiliary failed: RuntimeError Cannot continue without a valid port list.
[-] Call stack:
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/nmap.rb:162:in `nmap_add_ports'
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/nmap.rb:48:in `set_nmap_cmd'
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/nmap.rb:91:in `nmap_run'
[-]   /usr/share/metasploit-framework/modules/auxiliary/scanner/oracle/oracle_login.rb:62:in `run'
[*] Auxiliary module execution completed
msf auxiliary(oracle_login) > set SID ncia11
SID => ncia11
msf auxiliary(oracle_login) > set RPORTS 1521
RPORTS => 1521
msf auxiliary(oracle_login) > run

[*] Nmap: Setting up credential file...
[*] Nmap: Starting Oracle bruteforce with 568 credentials against SID 'ncia11'...
[*] Using RPORTS range 1521
[*] Nmap: Starting nmap with pid 1514
[*] Nmap: 'Warning: The -P0 option is deprecated. Please use -Pn'
[*] Nmap: Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-18 11:35 CEST
[*] Nmap: NSE: Loaded 1 scripts for scanning.
[*] Nmap: NSE: Script Pre-scanning.
[*] Nmap: Initiating NSE at 11:35
[*] Nmap: Completed NSE at 11:35, 0.00s elapsed
[*] Nmap: Initiating ARP Ping Scan at 11:35
[*] Nmap: Scanning 192.168.137.148 [1 port]
[*] Nmap: Completed ARP Ping Scan at 11:35, 0.02s elapsed (1 total hosts)
[*] Nmap: Initiating SYN Stealth Scan at 11:35
[*] Nmap: Scanning 192.168.137.148 [1 port]
[*] Nmap: Discovered open port 1521/tcp on 192.168.137.148
[*] Nmap: Completed SYN Stealth Scan at 11:35, 0.00s elapsed (1 total ports)
[*] Nmap: NSE: Script scanning 192.168.137.148.
[*] Nmap: Initiating NSE at 11:35
[*] Nmap: Completed NSE at 11:35, 0.04s elapsed
[*] Nmap: Nmap scan report for 192.168.137.148
[*] Nmap: Host is up (0.0033s latency).
[*] Nmap: PORT     STATE SERVICE
[*] Nmap: 1521/tcp open  oracle
[*] Nmap: MAC Address: 00:15:5D:6E:63:11 (Microsoft)
[*] Nmap: NSE: Script Post-scanning.
[*] Nmap: Initiating NSE at 11:35
[*] Nmap: Completed NSE at 11:35, 0.00s elapsed
[*] Nmap: Read data files from: /usr/bin/../share/nmap
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 0.65 seconds
[*] Nmap: Raw packets sent: 2 (72B) | Rcvd: 2 (72B)
[-] Auxiliary failed: NoMethodError undefined method `doctype' for #<Rex::Parser::NmapXMLStreamParser:0x0055cabb8f8988>
[-] Call stack:
[-]   /usr/lib/ruby/2.3.0/rexml/parsers/streamparser.rb:36:in `parse'
[-]   /usr/lib/ruby/2.3.0/rexml/document.rb:242:in `parse_stream'
[-]   /usr/share/metasploit-framework/lib/msf/core/auxiliary/nmap.rb:262:in `nmap_hosts'
[-]   /usr/share/metasploit-framework/modules/auxiliary/scanner/oracle/oracle_login.rb:65:in `run'
[*] Auxiliary module execution completed

[/CODE]


I have set RHOST, correct RPORTS and correct SID for the database (which is located at 192.168.137.148).

[B]uname -a[/B]
[CODE]
uname -a
Linux kali 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 GNU/Linux
[/CODE]
[B]lsb_release -a
[/B][CODE]lsb_release -a
No LSB modules are available.
Distributor ID:    Kali
Description:    Kali GNU/Linux Rolling
Release:    kali-rolling
Codename:    kali-rolling
[/CODE]
[B]ifconfig
[/B][CODE]ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.137.105  netmask 255.255.255.0  broadcast 192.168.137.255
        inet6 fe80::ed6a:6174:2190:25d5  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:6e:63:1d  txqueuelen 1000  (Ethernet)
        RX packets 9810  bytes 10043669 (9.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7180  bytes 798373 (779.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[/CODE]
[B]metasploit version
[/B]metasploit v4.14.10-dev  

Does anybody know what does it mean "undefined method 'doctype'?

streamparser.rb code
[CODE]# frozen_string_literal: false
require "rexml/parsers/baseparser"

module REXML
  module Parsers
    class StreamParser
      def initialize source, listener
        @listener = listener
        @parser = BaseParser.new( source )
      end

      def add_listener( listener )
        @parser.add_listener( listener )
      end

      def parse
        # entity string
        while true
          event = @parser.pull
          case event[0]
          when :end_document
            return
          when :start_element
            attrs = event[2].each do |n, v|
              event[2][n] = @parser.unnormalize( v )
            end
            @listener.tag_start( event[1], attrs )
          when :end_element
            @listener.tag_end( event[1] )
          when :text
            normalized = @parser.unnormalize( event[1] )
            @listener.text( normalized )
          when :processing_instruction
            @listener.instruction( *event[1,2] )
          when :start_doctype
            @listener.doctype( *event[1..-1] )
          when :end_doctype
            # FIXME: remove this condition for milestone:3.2
            @listener.doctype_end if @listener.respond_to? :doctype_end
          when :comment, :attlistdecl, :cdata, :xmldecl, :elementdecl
            @listener.send( event[0].to_s, *event[1..-1] )
          when :entitydecl, :notationdecl
            @listener.send( event[0].to_s, event[1..-1] )
          when :externalentity
            entity_reference = event[1]
            content = entity_reference.gsub(/\A%|;\z/, "")
            @listener.entity(content)
          end
        end
      end
    end
  end
end[/CODE]

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...