Home
This wiki explains how to use ODAT (Oracle Database Attacking Tool) during security assessments.
Explanations and examples in this wiki are organized by ODAT module (see the list on the right).
The -h option can be used to get the ODAT help menu:
./odat.py -h
The all module is the first module to run when you encounter an Oracle Database. For example, you can start with this command:
./odat.py all -s 192.168.1.254 -p 1521
You can give the SID if you know it:
./odat.py all -s 192.168.1.254 -p 1521 -d ORCL
If you know a valid account, you can give it to this module:
./odat.py all -s 192.168.1.254 -p 1521 -d ORCL -U SYS -P password
See all for more details about this module.
For each module (e.g. sidguesser), you can use -v, -vv or -vvv to enable verbosity and see what the module is doing and how. For example:
./odat.py all -s 192.168.1.254 -vvv
Before using a specific command of a module, run the module with --test-module first to find out whether you can use it (target is vulnerable, Oracle account has enough privileges, etc.). For example:
./odat.py tnspoison -s 192.168.1.254 -p 1521 -d ORCL --test-module
Quentin HARDY: [email protected] or [email protected]