Nytro

Oracle Database Attacking Tool


ODAT linux standalone version at https://github.com/quentinhardy/odat-standalones

ODAT

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely.

Usage examples of ODAT:

  • You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database
  • You have a valid Oracle account on a database and want to escalate your privileges (ex: SYSDBA)
  • You have a valid Oracle account and want to execute commands on the operating system hosting this DB (ex: reverse shell)

Tested on Oracle Database 10g, 11g and 12c (12.1.0.2.0).

Features

Thanks to ODAT, you can:

  • search valid SID on a remote Oracle Database listener via:
    • a dictionary attack
    • a brute force attack
    • ALIAS of the listener
  • search Oracle accounts using:
    • a dictionary attack
    • each Oracle user like the password (need an account before to use this attack)
  • execute system commands on the database server using:
    • DBMS_SCHEDULER
    • JAVA
    • external tables
    • oradbg
  • download files stored on the database server using:
    • UTL_FILE
    • external tables
    • CTXSYS
    • DBMS_LOB (NEW : 2014/07/28)
  • upload files on the database server using:
    • UTL_FILE
    • DBMS_XSLPROCESSOR
    • DBMS_ADVISOR
  • delete files using:
    • UTL_FILE
  • send/receive HTTP requests from the database server using:
    • UTL_HTTP
    • HttpUriType
  • scan ports of the local server or a remote server using:
    • UTL_HTTP
    • HttpUriType
    • UTL_TCP
  • capture a SMB authentication through:
    • an index in order to trigger a SMB connection
  • exploit the CVE-2012-313 (CVE-2012-3137 : The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 all)
    • pickup the session key and salt for arbitrary users
    • attack by dictionary on sessions
  • check CVE-2012-1675 (http://seclists.org/fulldisclosure/2012/Apr/204)
  • search in column names thanks to the search module: (NEW : 2015/03/17)
    • search a pattern (ex: password) in column names
  • unwrap PL/SQL source code (10g/11g and 12c)

Source: https://github.com/quentinhardy/odat
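
The SID dictionary and brute force search in the feature list above leaves a trace on the listener: each wrong guess is logged with return code 12505. The following is an added detection example, not part of the original post or of ODAT; it assumes the classic text `listener.log` layout, and the log lines, addresses and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the classic text listener.log layout (assumed):
# timestamp * connect data * client address * event * SID * return code
SAMPLE_LOG = """\
20-JUL-2015 10:00:01 * (CONNECT_DATA=(SID=ORCL)(CID=(PROGRAM=app)(HOST=web1)(USER=svc))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.20)(PORT=40112)) * establish * ORCL * 0
20-JUL-2015 10:00:05 * (CONNECT_DATA=(SID=XE)(CID=(PROGRAM=)(HOST=h)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.66)(PORT=51001)) * establish * XE * 12505
TNS-12505: TNS:listener does not currently know of SID given in connect descriptor
20-JUL-2015 10:00:05 * (CONNECT_DATA=(SID=PROD)(CID=(PROGRAM=)(HOST=h)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.66)(PORT=51002)) * establish * PROD * 12505
20-JUL-2015 10:00:06 * (CONNECT_DATA=(SID=TEST)(CID=(PROGRAM=)(HOST=h)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.66)(PORT=51003)) * establish * TEST * 12505
20-JUL-2015 10:00:06 * (CONNECT_DATA=(SID=ORA11)(CID=(PROGRAM=)(HOST=h)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.66)(PORT=51004)) * establish * ORA11 * 12505
20-JUL-2015 10:07:40 * (CONNECT_DATA=(SID=ORCLL)(CID=(PROGRAM=app)(HOST=web1)(USER=svc))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.20)(PORT=40150)) * establish * ORCLL * 12505
"""

# Client address, requested SID and return code of one connection entry.
ENTRY = re.compile(
    r"\(ADDRESS=\(PROTOCOL=\w+\)\(HOST=(?P<host>[^)]+)\)\(PORT=\d+\)\)"
    r" \* establish \* (?P<sid>\S+) \* (?P<code>\d+)\s*$"
)
UNKNOWN_SID = "12505"  # TNS-12505: listener does not know the requested SID


def failed_sids_by_client(log_text):
    """Map client address -> set of distinct SIDs the listener refused."""
    refused = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.search(line)  # TNS-xxxxx continuation lines do not match
        if m and m.group("code") == UNKNOWN_SID:
            refused[m.group("host")].add(m.group("sid").upper())
    return dict(refused)


def flag_sid_guessing(log_text, threshold=3):
    """Clients that asked for at least `threshold` different unknown SIDs."""
    hits = [(host, len(sids))
            for host, sids in failed_sids_by_client(log_text).items()
            if len(sids) >= threshold]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


if __name__ == "__main__":
    for host, count in flag_sid_guessing(SAMPLE_LOG):
        print(f"{host}: {count} distinct unknown SIDs requested")
```

Counting distinct SIDs rather than raw failures keeps a misconfigured application that retries one wrong SID from being flagged alongside a client walking a wordlist.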
