• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2018
  • February
  • 25
  • ODAT – Oracle Database Attack Tool

ODAT – Oracle Database Attack Tool

February 25, 2018July 27, 2019 Comments Off on ODAT – Oracle Database Attack Tool
hack oracle database how to use odat ODAT - Oracle Database Attack Tool odat tutorial

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely.

Usage examples of ODAT:

  • You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database
  • You have a valid Oracle account on a database and want to escalate your privileges to become DBA or SYSDBA
  • You have a Oracle account and you want to execute system commands (e.g. reverse shell) in order to move forward on the operating system hosting the database

Tested on Oracle Database 10g, 11g and 12c (12.1.0.2.0).

 

Features

Thanks to ODAT, you can:

  • search valid SID on a remote Oracle Database listener via:
  • a dictionary attack
  • a brute force attack
  • ALIAS of the listener
  • search Oracle accounts using:
  • a dictionary attack
  • each Oracle user like the password (need an account before to use this attack)
  • execute system commands on the database server using:
  • DBMS_SCHEDULER
  • JAVA
  • external tables
  • oradbg
  • download files stored on the database server using:
  • UTL_FILE
  • external tables
  • CTXSYS
  • DBMS_LOB
  • upload files on the database server using:
  • UTL_FILE
  • DBMS_XSLPROCESSOR
  • DBMS_ADVISOR
  • delete files using:
  • UTL_FILE
  • gain privileged access using these following system privileges combinations (see help for privesc module commands): (NEW : 2016/02/21)
  • CREATE ANY PROCEDURE
  • CREATE PROCEDURE and EXECUTE ANY PROCEDURE
  • CREATE ANY TRIGER (and CREATE PROCEDURE)
  • ANALYZE ANY (and CREATE PROCEDURE)
  • CREATE ANY INDEX (and CREATE PROCEDURE)
  • send/reveive HTTP requests from the database server using:
  • UTL_HTTP
  • HttpUriType
  • scan ports of the local server or a remote server using:
  • UTL_HTTP
  • HttpUriType
  • UTL_TCP
  • capture a SMB authentication through:
  • an index in order trigger a SMB connection
  • exploit some CVE:
  • the CVE-2012-3137
    • pickup the session key and salt for arbitrary users
    • attack by dictionary on sessions
  • the CVE-2012-????: A user authenticated can modify all tables who can select even if he can’t modify them normally (no ALTER privilege).
  • the CVE-2012-1675 (aka TNS poisoning attack) (NEW : 25/03/2016)
  • search in column names thanks to the search module:
  • search a pattern (ex: password) in column names
  • unwrap PL/SQL source code (10g/11g and 12c)
  • get system privileges and roles granted. It is possible to get privileges and roles of roles granted also (NEW : 21/02/2016)

 

 

Supported Platforms and dependencies

ODAT is compatible with Linux only.

Standalone versions exist in order to don’t have need to install dependencies and slqplus (see https://github.com/quentinhardy/odat/releases/). The ODAT standalone has been generated thanks to pyinstaller.

If you want to have the development version installed on your computer, these following tools and dependencies are needed:

  • Langage: Python 2.7
  • Oracle dependancies:
  • Instant Oracle basic
  • Instant Oracle sdk
  • Python libraries:
  • cx_Oracle
  • passlib
  • pycrypto
  • python-scapy
  • colorlog (recommended)
  • termcolor (recommended)
  • argcomplete (recommended)
  • pyinstaller (recommended)

 

Oracle Database Attacking Tool: ODAT wiki

Oracle Database Attacking Tool: ODAT Download

Post navigation

GlobaLeaks – Opensource Whistleblowing Framework
CredCrack – A Fast and Stealthy Credential Harvester

Related Articles

CVE-2023-28432: High severity security vulnerability in MinIO

CVE-2023-28432: High severity security vulnerability in MinIO

- Hack Tools
March 24, 2023
CVE-2023-0386: A New Linux Kernel Vulnerability Puts Systems at Risk

CVE-2023-0386: A New Linux Kernel Vulnerability Puts Systems at Risk

- Hack Tools
March 23, 2023
APCLdr - Payload Loader With Evasion Features

APCLdr – Payload Loader With Evasion Features

- Hack Tools
March 23, 2023
hacker gadgets
hacker phone covers

Recent Posts

CVE-2023-28432: High severity security vulnerability in MinIO

CVE-2023-28432: High severity security vulnerability in MinIO

March 24, 2023
CVE-2023-0386: A New Linux Kernel Vulnerability Puts Systems at Risk

CVE-2023-0386: A New Linux Kernel Vulnerability Puts Systems at Risk

March 23, 2023
APCLdr - Payload Loader With Evasion Features

APCLdr – Payload Loader With Evasion Features

March 23, 2023
Reverseip_Py - Domain Parser For IPAddress.com Reverse IP Lookup

Reverseip_Py – Domain Parser For IPAddress.com Reverse IP Lookup

March 23, 2023
Probable_Subdomains - Subdomains Analysis And Generation Tool. Reveal The Hidden!

Probable_Subdomains – Subdomains Analysis And Generation Tool. Reveal The Hidden!

March 23, 2023
Gmailc2 - A Fully Undetectable C2 Server That Communicates Via Google SMTP To Evade Antivirus Protections And Network Traffic Restrictions

Gmailc2 – A Fully Undetectable C2 Server That Communicates Via Google SMTP To Evade Antivirus Protections And Network Traffic Restrictions

March 22, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW