Note
It typically runs on port
1521
.
Nmap scan
nmap -p1521 -sV 10.129.204.235 --open
HTB Cheatsheet
Command | Description |
---|---|
nmap -p1521 -sV 10.129.204.235 --open --script oracle-sid-brute | Nmap SID brute forcing. |
./odat.py all -s <FQDN/IP> | Perform a variety of scans to gather information about the Oracle database services and its components. |
sqlplus <user>/<pass>@<FQDN/IP>/<db> | Log in to the Oracle database. |
./odat.py utlfile -s <FQDN/IP> -d <db> -U <user> -P <pass> --sysdba --putFile C:\\insert\\path file.txt ./file.txt | Upload a file to a web server (to test for reverse shells). |
Script to have all the necessary tools
#!/bin/bash
sudo apt-get install libaio1 python3-dev alien -y
git clone https://github.com/quentinhardy/odat.git
cd odat/
git submodule init
git submodule update
wget https://download.oracle.com/otn_software/linux/instantclient/2112000/instantclient-basic-linux.x64-21.12.0.0.0dbru.zip
unzip instantclient-basic-linux.x64-21.12.0.0.0dbru.zip
wget https://download.oracle.com/otn_software/linux/instantclient/2112000/instantclient-sqlplus-linux.x64-21.12.0.0.0dbru.zip
unzip instantclient-sqlplus-linux.x64-21.12.0.0.0dbru.zip
export LD_LIBRARY_PATH=instantclient_21_12:$LD_LIBRARY_PATH
export PATH=$LD_LIBRARY_PATH:$PATH
pip3 install cx_Oracle
sudo apt-get install python3-scapy -y
sudo pip3 install colorlog termcolor passlib python-libnmap
sudo apt-get install build-essential libgmp-dev -y
pip3 install pycryptodome
You should check Footprinting Theory ๐ to get further knowledge.