1521,1522-1529 - Pentesting Oracle TNS Listener
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Basic Information
Oracle database (Oracle DB) is a relational database management system (RDBMS) from the Oracle Corporation (from here).
When enumerating Oracle the first step is to talk to the TNS-Listener that usually resides on the default port (1521/TCP, -you may also get secondary listeners on 1522–1529-).
Summary
Version Enumeration: Identify version information to search for known vulnerabilities.
TNS Listener Bruteforce: Sometimes necessary to establish communication.
SID Name Enumeration/Bruteforce: Discover database names (SID).
Credential Bruteforce: Attempt to access discovered SID.
Code Execution: Attempt to run code on the system.
In order to user MSF oracle modules you need to install some dependencies: Installation
Posts
Check these posts:
HackTricks Automatic Commands
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Last updated