ODAT – Oracle Database Attacking Tool

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that test the security of Oracle Databases remotely.
Usage examples of ODAT:

  • You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database
  • You have a valid Oracle account on a database and want to escalate your privileges (ex: SYSDBA)
  • You have a valid Oracle account and want to execute commands on the operating system hosting this DB (ex: reverse shell)

Features 
Thanks to ODAT, you can:

  • search valid SID on a remote Oracle Database listener via:
    • a dictionary attack
    • a brute force attack
    • ALIAS of the listener
  • search Oracle accounts using:
    • a dictionary attack
    • each Oracle user like the password (need an account before to use this attack)
  • execute system commands on the database server using:
    • DBMS_SCHEDULER
    • JAVA
    • external tables
    • oradbg
  • download files stored on the database server using:
    • UTL_FILE
    • external tables
    • CTXSYS
  • upload files on the database server using:
    • UTL_FILE
    • DBMS_XSLPROCESSOR
    • DBMS_ADVISOR
  • delete files using:
    • UTL_FILE
  • send/reveive HTTP requests from the database server using:
    • UTL_HTTP
    • HttpUriType
  • scan ports of the local server or a remote server using:
    • UTL_HTTP
    • HttpUriType
    • UTL_TCP
  • exploit the CVE-2012-313 (http://cvedetails.com/cve/2012-3137)
    • pickup the session key and salt for arbitrary users
    • attack by dictionary on sessions

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s