Oracle exploitation:
tools https://github.com/bongbongco/CVE-2012-1675
nmap -Pn -sT --script=./oracle-tns-poison -p 1521 IP
If it's vuln, use odat
oda.py sidguesser -s IP -p 1521
double check if the system is vuln (if the username is XE)
3. obtain creds
4. once you find creds, you can now upload malicious files!
generate it with msfvenom:
Upload with odat.py
Execute the file:
Last updated