The teradata_odbc_sql module is used to run SQL queries for Teradata databases.
Vulnerable Application
- Teradata Database
- Teradata Express
Teradata databases can be identified by scanning for TCP port 1025. An Nmap version scan can confirm if the service is recognized as Teradata.
The teradata_odbc_login module can be used to brute-force credentials.
Extra Requirements
This module requires the Teradata ODBC driver and the Teradata Python library.
ODBC Driver for Kali Linux 2017.3
- Download the Teradata ODBC driver for Ubuntu from downloads.teradata.com.
- Refer to the Ubuntu package README for up-to-date instructions.
- Install lib32stdc++6 if necessary.
- Install the ODBC drivers:
dpkg -i [package].deb
- Copy /opt/teradata/client/ODBC_64/odbc.ini to /root/.odbc.ini (or to .odbc.ini in your home directory if not root).
- Make sure the copied file is named .odbc.ini, not odbc.ini.
Configuration for OS X
On OS X the Python client needs to be pointed to the ODBC driver manually. Create ~/udaexec.ini
with the following contents:
[CONFIG]
odbcLibPath=/usr/lib/libiodbc.dylib
Python Package
pip install teradata
Verification Steps
- Deploy a Teradata Express test environment.
- Install the ODBC driver and Python package.
- Start msfconsole.
- Do:
use auxiliary/admin/teradata/teradata_odbc_sql
- Do:
set RHOSTS [IPs]
- Do:
set USERNAME [username to try]
- Do:
set PASSWORD [password to try]
- The default Teradata credentials are the matching username and password 'DBC'.
- Set a SQL query for the 'SQL' option.
- The default is
SELECT DATABASENAME FROM DBC.DATABASES
- Do:
run
msf > use auxiliary/admin/teradata/teradata_odbc_sql
msf auxiliary(admin/teradata/teradata_odbc_sql) > show options
Module options (auxiliary/admin/teradata/teradata_odbc_sql):
Name Current Setting Required Description
---- --------------- -------- -----------
PASSWORD dbc yes Password
RHOSTS yes The target address range or CIDR identifier
SQL SELECT DATABASENAME FROM DBC.DATABASES yes SQL query to perform
THREADS 1 yes The number of concurrent threads
USERNAME dbc yes Username
msf auxiliary(admin/teradata/teradata_odbc_sql) > set RHOSTS 192.168.0.2
RHOSTS => 192.168.0.2
msf auxiliary(admin/teradata/teradata_odbc_sql) > run
[*] Running for 192.168.0.2...
[*] 192.168.0.2 - dbc:dbc - Starting
[*] 192.168.0.2 - Creating connection: %s
[*] 192.168.0.2 - Loading ODBC Library: %s
[*] 192.168.0.2 - Available drivers: Teradata Database ODBC Driver 16.20,
[*] 192.168.0.2 - Connection successful. Duration: %.3f seconds. Details: %s
[+] 192.168.0.2 - dbc:dbc - Login Successful
[*] 192.168.0.2 - Starting - SELECT DATABASENAME FROM DBC.DATABASES
[*] 192.168.0.2 - Query Successful. Duration: %.3f seconds,%sQuery: %s%s
[+] 192.168.0.2 - Row 1: [DatabaseUser ]
[+] 192.168.0.2 - Row 2: [All ]
[+] 192.168.0.2 - Row 3: [SYSJDBC ]
[+] 192.168.0.2 - Row 4: [TDStats ]
[+] 192.168.0.2 - Row 5: [TD_SYSXML ]
[+] 192.168.0.2 - Row 6: [PUBLIC ]
[+] 192.168.0.2 - Row 7: [DBC ]
[+] 192.168.0.2 - Row 8: [SYSBAR ]
[+] 192.168.0.2 - Row 9: [TD_SYSGPL ]
[+] 192.168.0.2 - Row 10: [SYSLIB ]
[+] 192.168.0.2 - Row 11: [SQLJ ]
[+] 192.168.0.2 - Row 12: [LockLogShredder ]
[+] 192.168.0.2 - Row 13: [Default ]
[+] 192.168.0.2 - Row 14: [TDPUSER ]
[+] 192.168.0.2 - Row 15: [TD_SYSFNLIB ]
[+] 192.168.0.2 - Row 16: [EXTUSER ]
[+] 192.168.0.2 - Row 17: [tdwm ]
[+] 192.168.0.2 - Row 18: [SystemFe ]
[+] 192.168.0.2 - Row 19: [External_AP ]
[+] 192.168.0.2 - Row 20: [TDQCD ]
[+] 192.168.0.2 - Row 21: [dbcmngr ]
[+] 192.168.0.2 - Row 22: [Sys_Calendar ]
[+] 192.168.0.2 - Row 23: [SysAdmin ]
[+] 192.168.0.2 - Row 24: [TD_SERVER_DB ]
[+] 192.168.0.2 - Row 25: [TDMaps ]
[+] 192.168.0.2 - Row 26: [SYSUDTLIB ]
[+] 192.168.0.2 - Row 27: [Crashdumps ]
[+] 192.168.0.2 - Row 28: [SYSSPATIAL ]
[+] 192.168.0.2 - Row 29: [MyUser ]
[+] 192.168.0.2 - Row 30: [SYSUIF ]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed