bobs edited this page Mar 23, 2016 · 5 revisions
The all module allows you to run all modules (depending on the options that you have purchased).
It is useful when you want to know what you can do on a database server (with or without a valid SID, with or without a valid Oracle account).
- Run all ODAT modules against the Oracle database server at 192.168.142.73 listening on port 1521:
./odat.py all -s 192.168.142.73 -p 1521
ODAT will search for valid SIDs, then search for valid Oracle accounts on each Oracle instance (SID) found. You can specify an option for credentials (see --accounts-file, --accounts-files, --login-as-pwd). For each valid account on each valid instance (SID), it reports what that user can do (e.g. reverse shell, read files, become DBA).
- If you know a SID (ex: ORCL):
./odat.py all -s 192.168.142.73 -p 1521 -d ORCL
- If you don't know a SID, you can give the maximum number of characters and the charset to use (for the brute-force attack) and the file containing SIDs (for the dictionary attack):
./odat.py all -s 192.168.142.73 -p 1521 --sids-max-size=3 --sid-charset='abc' --accounts-file=accounts.txt
- If you know a SID (ex: ORCL) and an account (SYS/password):
./odat.py all -s $SERVER -p $PORT -d $SID -U $USER -P $PASSWORD
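A defender's view of the SID search described above, as an added example that is not part of ODAT or its wiki: a listener.log check that flags any source address rejected for many distinct unknown SIDs. It assumes the classic text listener.log entry layout and that a rejected SID is logged with return code 12505; the source addresses, the threshold and the sample lines are constructed.

```python
import re
from collections import defaultdict

UNKNOWN_SID = "12505"  # TNS-12505: listener does not know the SID in the connect descriptor

# Pull the requested SID, the client address and the return code out of one entry.
LINE_RE = re.compile(
    r"\(SID=(?P<sid>[^)]*)\).*"
    r"\(ADDRESS=\(PROTOCOL=tcp\)\(HOST=(?P<src>[^)]+)\)\(PORT=\d+\)\)"
    r" \* establish \* \S+ \* (?P<code>\d+)\s*$"
)

def _entry(ts, sid, src, code):
    # Builds one constructed entry in the assumed listener.log layout.
    return (f"23-MAR-2016 {ts} * (CONNECT_DATA=(SID={sid})(CID=(PROGRAM=)(HOST=client)(USER=))) "
            f"* (ADDRESS=(PROTOCOL=tcp)(HOST={src})(PORT=40000)) * establish * {sid} * {code}")

# Constructed sample: one host walking a small charset, one host making a single typo.
SAMPLE_LOG = "\n".join(
    [_entry(f"10:15:0{i}", sid, "192.0.2.50", 12505)
     for i, sid in enumerate(["a", "b", "c", "aa", "ab", "ac"])]
    + [_entry("10:15:09", "ORCL", "192.0.2.50", 0),
       _entry("10:20:00", "ORCI", "192.0.2.10", 12505),
       _entry("10:20:05", "ORCL", "192.0.2.10", 0),
       "23-MAR-2016 10:21:00 * service_update * ORCL * 0"]  # non-connect entry, ignored
)

def find_sid_guessing(log_text, threshold=5):
    """Return {source: sorted unknown SIDs} for sources rejected on >= threshold distinct SIDs."""
    unknown = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("code") == UNKNOWN_SID:
            unknown[m.group("src")].add(m.group("sid"))
    # Distinct SIDs, not raw failures: a client retrying one wrong SID stays below the bar.
    return {src: sorted(sids) for src, sids in unknown.items() if len(sids) >= threshold}

if __name__ == "__main__":
    for src, sids in find_sid_guessing(SAMPLE_LOG).items():
        print(f"possible SID guessing from {src}: {len(sids)} unknown SIDs, e.g. {sids[:3]}")
```

Counting distinct rejected SIDs per source keeps a single mistyped SID from raising an alert; in production the count would also be bounded to a time window.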
Quentin HARDY: [email protected] or [email protected]