Oracle Database Attacking Tool

http://www.ehacking.net/2014/07/oracle-database-attacking-tool.html

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that test the security of Oracle Databases remotely.

Usage examples of ODAT:

  • You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database
  • You have a valid Oracle account on a database and want to escalate your privileges (ex: SYSDBA)
  • You have a valid Oracle account and want to execute commands on the operating system hosting this DB (ex: reverse shell)

Supported Platforms and dependencies

ODAT is compatible with Linux only.

A standalone version exists in order to don’t have need to install dependencies and slqplus (see the build folder of the git).
The ODAT standalone has been generated thanks to pyinstaller.

If you want to have the development version installed on your computer, these following tool and dependencies are needed:

  • Langage: Python 2.7
  • Oracle dependancies:
    • Instant Oracle basic
    • Instant Oracle sdk
  • Python libraries:
    • cx_Oracle
    • colorlog (recommended)
    • termcolor (recommended)
    • argcomplete (recommended)
    • pyinstaller (recommended)

Installation

This part describes how to install instantclient, CX_Oracle and some others python libraries on Ubuntu in order to have the ODAT development version.
Don’t forget that an ODAT standalone version exists in build: It is not required to install something for use the standalone version 🙂

sudo apt-get install libaio1 python-dev alien python-pip
  • Generate DEB files from RPM files thanks to :
sudo alien --to-deb oracle-instantclient11.2-basic-???.x???.rpm
sudo alien --to-deb oracle-instantclient11.2-sqlplus-???.x???.rpm
sudo alien --to-deb oracle-instantclient11.2-devel-???.x???.rpm
  • Install instant client basic, sdk and sqlplus:
sudo dpkg -i oracle-instantclient11.2-basic-???.x???.deb
sudo dpkg -i oracle-instantclient11.2-sqlplus-???.x???.deb
sudo dpkg -i oracle-instantclient11.2-devel_???_???.deb
  • Put these lines in your /etc/profile file in order to define Oracle env variables:
export ORACLE_HOME=/usr/lib/oracle/11.2/client64/
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib
export PATH=$ORACLE_HOME/bin:$PATH
source /etc/profile
  • Restart your session (to apply env variables) and run sqlplus:
sqlplus

If nor error: good job, Continue…

  • Create a symlink to your so file.
cd $ORACLE_HOME/lib/
sudo ln -s libclntsh.so.11.1   libclntsh.so
  • Create the /etc/ld.so.conf.d/oracle.conf file and add the path to Oracle home:
/usr/lib/oracle/11.2/client64/lib/
  • Update the ldpath using:
sudo ldconfig
  • Install CX_Oracle
sudo -s
source /etc/profile
pip install cx_Oracle
  • Test if all is good:
python -c 'import cx_Oracle' 

This command should just return without errors.

  • Install some python libraries:
sudo apt-get install python-scapy
sudo pip install colorlog termcolor pycrypto
sudo pip install argcomplete && sudo activate-global-python-argcomplete
python setup.py install
  • Run ODAT:
./odat.py -h
 P { margin-bottom: 0.08in; }A:link {  }
 
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...