1521,1522-1529 - Pentesting Oracle TNS Listener


Basic Information

Oracle database (Oracle DB) is a relational database management system (RDBMS) from the Oracle Corporation (from here).

When enumerating Oracle, the first step is to talk to the TNS Listener, which usually resides on the default port 1521/TCP (you may also find secondary listeners on 1522–1529).

1521/tcp open  oracle-tns    Oracle TNS Listener 9.2.0.1.0 (for 32-bit Windows)
1748/tcp open  oracle-tns    Oracle TNS Listener

Summary

  1. Version Enumeration: Identify version information to search for known vulnerabilities.
  2. TNS Listener Bruteforce: Sometimes necessary to establish communication.
  3. SID Name Enumeration/Bruteforce: Discover database names (SID).
  4. Credential Bruteforce: Attempt to access discovered SID.
  5. Code Execution: Attempt to run code on the system.
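A defensive counterpart to step 3, as an added example that is not part of the original page: it scans listener log text for sources that request many different unknown SIDs, which is the trace SID enumeration leaves behind. The classic text `listener.log` line layout, the sample lines, the threshold and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

UNKNOWN_SID = "12505"  # TNS-12505: listener does not currently know of SID

def _line(ts, sid, src, rc):
    # Constructed sample line in the classic text listener.log layout (assumption):
    # timestamp * connect data * client address * event * SID * return code
    return (f"21-JUN-2023 {ts} * (CONNECT_DATA=(SID={sid})"
            f"(CID=(PROGRAM=)(HOST=client)(USER=))) * (ADDRESS=(PROTOCOL=tcp)"
            f"(HOST={src})(PORT=50000)) * establish * {sid} * {rc}")

# Constructed log: one application host, one host cycling through SID guesses.
SAMPLE_LOG = "\n".join([
    _line("10:12:01", "ORCL", "10.0.0.20", 0),
    _line("10:12:09", "ORCL1", "10.0.0.20", 12505),   # single typo, not a scan
    _line("10:13:40", "XE", "10.0.0.66", 12505),
    "TNS-12505: TNS:listener does not currently know of SID given in connect descriptor",
    _line("10:13:41", "PLSExtProc", "10.0.0.66", 12505),
    _line("10:13:41", "TEST", "10.0.0.66", 12505),
    _line("10:13:42", "PROD", "10.0.0.66", 12505),
    _line("10:13:42", "xe", "10.0.0.66", 12505),      # same SID, different case
])

# The client address is taken from the ADDRESS clause, not the client-supplied
# HOST value inside CONNECT_DATA, which the connecting side controls.
LINE_RE = re.compile(
    r"\(SID=(?P<sid>[^)]*)\).*?"
    r"\(ADDRESS=\(PROTOCOL=tcp\)\(HOST=(?P<src>[^)]+)\)\(PORT=\d+\)\)"
    r" \* establish \* \S+ \* (?P<rc>\d+)\s*$"
)

def sid_guessing_sources(log_text, threshold=3):
    """Return {source: sorted unknown SIDs} for sources with >= threshold distinct misses."""
    unknown = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("rc") == UNKNOWN_SID:
            unknown[m.group("src")].add(m.group("sid").upper())
    return {src: sorted(sids) for src, sids in unknown.items()
            if len(sids) >= threshold}

if __name__ == "__main__":
    for src, sids in sid_guessing_sources(SAMPLE_LOG).items():
        print(f"{src}: {len(sids)} distinct unknown SIDs requested: {', '.join(sids)}")
```

Counting distinct SIDs rather than raw failures keeps a misconfigured client that retries one wrong SID from being flagged as a scan.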

In order to use MSF oracle modules you need to install some dependencies: Installation

Posts

Check these posts:

HackTricks Automatic Commands

Protocol_Name: Oracle    #Protocol Abbreviation if there is one.
Port_Number: 1521    #Comma separated if there is more than one.
Protocol_Description: Oracle TNS Listener    #Protocol Abbreviation Spelled out

Entry_1:
  Name: Notes
  Description: Notes for Oracle
  Note: |
    Oracle database (Oracle DB) is a relational database management system (RDBMS) from the Oracle Corporation

    #great oracle enumeration tool
    navigate to https://github.com/quentinhardy/odat/releases/
    download the latest
    tar -xvf odat-linux-libc2.12-x86_64.tar.gz
    cd odat-libc2.12-x86_64/
    ./odat-libc2.12-x86_64 all -s 10.10.10.82

    for more details check https://github.com/quentinhardy/odat/wiki

    https://book.hacktricks.xyz/pentesting/1521-1522-1529-pentesting-oracle-listener

Entry_2:
  Name: Nmap
  Description: Nmap with Oracle Scripts
  Command: nmap --script "oracle-tns-version" -p 1521 -T4 -sV {IP}
