Shulou(Shulou.com)05/31 Report--

This article mainly introduces how to use the Oracle EBS penetration testing tool in ERP security, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, let the editor take you to understand it.

ERP security is a separate part of IT security. Today, ERP represents a variety of tools and services written based on different technologies. It is essential to have appropriate knowledge and manageable tools in the area of security.

When we explored the security of Oracle e-commerce suite, we noticed that there is a lack of security tools that can help us simplify security assessment, convenient and free. There are a lot of various modules or scripts that just casually check one or two questions. To this end, we decided to develop our own solution, the first free Oracle e-commerce suite security scanner-ERPSCAN EBS Pentesting tool.

This is a "encapsulation" of a variety of EBS exploits developed by our research team. All modules are represented in python language. Currently, there are four main modules (one of which uses the EBS user password decryptor):

EBS DB user explosion

EBS user explosion

EBS Java serialization test

EBS XML serialization test.

So far, we have released only four of them. If the feedback from this tool is good, we will continue the project and release more of our proprietary modules.

Test Oracle EBS database Oracle EBS DB user explosions

The script explodes standard DB users with predefined passwords. In addition, it can get the password of the EBS user from the APPS.fnd_user table, and if the password is hashed, it will use the ebsDecrypt.py module to decrypt it. All findings will be saved in the dbCheckResults.txt file.

Help

You should install cx_Oracle to operate.

Usage: dbUsersBforce.py [- h] [- H HOST] [- P PORT] [- s SID] [- d DEC] [- v] EBS DB Users brute-force Python Script. It tests for default DB users with the predefined passwords. Also it can checkwhether any bruted DB user can decrypt EBS Users passwords (of course if Password Hashing is not implemented) .optional arguments:-h,-- help displays help and exits-H HOST,-- host HOST DB host (default: 127.0.0.1). Example: ebs.example.com-P PORT,-- port PORT DB port (default: 1521)-s SID,-- sid SID DB SID (default: EBSDB)-d DEC,-- dec DEC attempts to decrypt the EBS user password? Y _ verbose N-v,-- detailed mode

Usage

The application user password should be capitalized.

$decrypt.py-k APPS-d ZH4715DC7E9C2213F7CD56D44CE1CB8625FB71D0F4935EFEAE5B8CA66117B9C2D6A1E733BA80005F4CD19706A03218E8C5E4 test Oracle EBS application EBS user burst

The script explodes the EBS default user with a predefined password. It handles two types of authentication versions (don't mix with SSO! ).

Help

Usage: ebsUsersBforce.py [- h] [- H HOST] [- P PORT] [- s] [- t TIMEOUT] [- v] EBS Users brute-force python script brutes EBS default users with predefined passwords.optional arguments:-h,-- help displays help information and exits-H HOST,-- host HOST EBS host (default: 127.0.0.1). Example: ebs.example.com-P PORT,-- port PORT EBS web port (default: 8000)-s,-- ssl enables SSL-t TIMEOUT,-- timeout TIMEOUT HTTP connection timeout seconds (default: 10)-v,-- verbose verbose mode

Usage

$ebsUsersBforce.py-H ebs.example.com-P 8000Oracle EBS Java serialization test

EBS python script, Java serialization sleep payloads test based on Apache Commons Collections 3. It sends a special sleep payloads and checks the response time value. If the response time value exceeds 10 seconds, the test host is extremely vulnerable to Java deserialization attacks.

Help

Usage: javaSerDetect.py [- h] [- H HOST] [- P PORT] [- u URL] [- s] [- t TIMEOUT] [- v] EBS python script for Java Serialization sleep payloads testing based on Apache Commons Collections 3.optional arguments:-h,-- help displays help information and exits-H HOST,-- host HOST EBS host (default: 127.0.0.1). Example: ebs.example.com-P PORT,-- port PORT EBS web port (default: 8000)-u URL,-- url URL EBS target URL (default: OA_HTML/iesRuntimeServlet)-s,-- ssl enable SSL-t TIMEOUT,-- timeout TIMEOUT HTTP connection timeout seconds (default: 15)-v,-- verbose verbose mode

Usage

$javaSerDetect.py-H ebs.example.com-P 8000Oracle WebLogic level check

Oracle EBS XML serialization test

Python script, based on the XML serialization sleep payloads test of CVE-2017-3506x10271. It sends a special sleep payloads and checks the response time value. If the response time value exceeds 10 seconds, the test host is extremely vulnerable to XML deserialization attacks.

Help

Usage: xmlSerDetect.py [- h] [- H HOST] [- P PORT] [- u URL] [- s] [- t TIMEOUT] [- v] EBS python script for XML Serialization sleep payload testing based on `CVE-2017-3506 & amp 10271`.assistance arguments:-h,-help displays help information and exits-H HOST,-- host HOST WebLogic host (default: 127.0.0.1). Example: ebs.example.com-P PORT,-- port PORT WebLogic port (default: 7001)-u URL,-- url URL WebLogic target URL (default: wls-wsat/CoordinatorPortType)-s,-- ssl enable SSL-t TIMEOUT,-- timeout TIMEOUT HTTP connection timeout seconds (default: 15)-v,-- verbose verbose mode

Usage

$xmlSerDetect.py-H ebs.example.com-P 7001 Thank you for reading this article carefully. I hope the article "how to use Oracle EBS Penetration testing tool in ERP Security" shared by the editor will be helpful to you. At the same time, I hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.