1521,1522-1529 - Pentesting Oracle TNS Listener

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!

• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.

• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Basic Information

Oracle database (Oracle DB) is a relational database management system (RDBMS) from the Oracle Corporation (from here).

When enumerating Oracle the first step is to talk to the TNS-Listener that usually resides on the default port (1521/TCP, -you may also get secondary listeners on 1522–1529-).

1521/tcp open  oracle-tns    Oracle TNS Listener 9.2.0.1.0 (for 32-bit Windows)
1748/tcp open  oracle-tns    Oracle TNS Listener

Summary

1. Version Enumeration: Identify version information to search for known vulnerabilities.

2. TNS Listener Bruteforce: Sometimes necessary to establish communication.

3. SID Name Enumeration/Bruteforce: Discover database names (SID).

4. Credential Bruteforce: Attempt to access discovered SID.

5. Code Execution: Attempt to run code on the system.

In order to user MSF oracle modules you need to install some dependencies: Installation

Posts

Check these posts:

• https://secybr.com/posts/oracle-pentesting-best-practices/

• https://medium.com/@netscylla/pentesters-guide-to-oracle-hacking-1dcf7068d573

• https://hackmag.com/uncategorized/looking-into-methods-to-penetrate-oracle-db/

• http://blog.opensecurityresearch.com/2012/03/top-10-oracle-steps-to-secure-oracle.html

HackTricks Automatic Commands

Protocol_Name: Oracle    #Protocol Abbreviation if there is one.
Port_Number:  1521     #Comma separated if there is more than one.
Protocol_Description: Oracle TNS Listener         #Protocol Abbreviation Spelled out

Entry_1:
  Name: Notes
  Description: Notes for Oracle
  Note: |
    Oracle database (Oracle DB) is a relational database management system (RDBMS) from the Oracle Corporation

    #great oracle enumeration tool
    navigate to https://github.com/quentinhardy/odat/releases/
    download the latest
    tar -xvf odat-linux-libc2.12-x86_64.tar.gz
    cd odat-libc2.12-x86_64/
    ./odat-libc2.12-x86_64 all -s 10.10.10.82

    for more details check https://github.com/quentinhardy/odat/wiki

    https://book.hacktricks.xyz/pentesting/1521-1522-1529-pentesting-oracle-listener

Entry_2:
  Name: Nmap
  Description: Nmap with Oracle Scripts
  Command: nmap --script "oracle-tns-version" -p 1521 -T4 -sV {IP}

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!

• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.

• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.