
Oracle (Port 1521)


Last updated 3 years ago

Quick Intro

Oracle Database (Oracle DB) is a relational database management system (RDBMS) from Oracle Corporation.

When enumerating Oracle, the first step is to talk to the TNS listener, which usually resides on the default port (1521/TCP; you may also get secondary listeners on 1522–1529).

Nmap Script

nmap -p 1521 -A $ip

nmap -n -v -sV -Pn -p 1521 --script=oracle-enum-users --script-args sid=ORCL,userdb=users.txt $ip

nmap --script "oracle-tns-version" -p 1521 -T4 -sV <IP>
# TNS listener version

nmap --script=oracle-sid-brute $ip
nmap  -n -v -sV -Pn -p 1521 --script=oracle-brute $ip
# Brute-Force Account

oscanner

oscanner -s $ip -P 1521

Fingerprint oracle tns

tnscmd10g is a tool to prod the Oracle tnslsnr process.

tnscmd10g version -h 192.168.1.101
tnscmd10g status -h 192.168.1.101

Other useful TNS listener commands:

Command       Purpose
ping          Ping the listener
version       Provide output of the listener version and platform information
status        Return the current status and variables used by the listener
services      Dump service data
debug         Dump debugging information to the listener log
reload        Reload the listener configuration file
save_config   Write the listener configuration file to a backup location
stop          Invoke listener shutdown

If you receive an error, it could be because the TNS versions are incompatible (use the --10G parameter with tnscmd10g). If the error persists, the listener may be password protected (you can see a list where all the errors are detailed here). Don't worry, hydra to the rescue:

hydra -P rockyou.txt -t 32 -s 1521 host.victim oracle-listener
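The defender's view of the listener commands and password guessing above, as an added example that is not part of the original notes: it scans a text-format listener.log for listener-control commands sent by clients outside an expected host list and counts TNS-01169 (password not recognized) results. The log lines are constructed, the field layout (timestamp * connect data * event * return code) is an assumption based on Oracle's documented listener audit-trail format, and TRUSTED_HOSTS / dbhost01 are hypothetical names.

```python
import re
from collections import Counter

# Listener commands from the table above.
ADMIN_COMMANDS = {"ping", "version", "status", "services", "debug",
                  "reload", "save_config", "stop"}
BAD_PASSWORD = 1169            # TNS-01169: listener did not recognize the password
TRUSTED_HOSTS = {"dbhost01"}   # hypothetical: hosts where DBAs run lsnrctl
COMMAND_RE = re.compile(r"\(COMMAND=([A-Za-z_]+)\)")
CID_HOST_RE = re.compile(r"\(CID=.*?\(HOST=([^)]*)\)")

# Constructed sample lines (assumed layout), not taken from a real system.
SAMPLE_LOG = """\
12-MAR-2024 09:00:01 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=dbhost01)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=186647552)) * status * 0
12-MAR-2024 09:14:10 * (CONNECT_DATA=(COMMAND=version)) * version * 0
12-MAR-2024 09:14:12 * (CONNECT_DATA=(COMMAND=status)) * status * 0
12-MAR-2024 09:15:01 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=))(COMMAND=stop)(ARGUMENTS=64)(SERVICE=LISTENER)) * stop * 1169
12-MAR-2024 09:15:01 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=))(COMMAND=stop)(ARGUMENTS=64)(SERVICE=LISTENER)) * stop * 1169
12-MAR-2024 09:15:02 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=))(COMMAND=stop)(ARGUMENTS=64)(SERVICE=LISTENER)) * stop * 1169
12-MAR-2024 09:16:00 * (CONNECT_DATA=(SERVICE_NAME=ORCL)(CID=(PROGRAM=sqlplus)(HOST=app01)(USER=app))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.20)(PORT=50122)) * establish * ORCL * 0
"""

def parse_line(line):
    """Return a dict for a listener-command entry, or None for anything else."""
    fields = [f.strip() for f in line.split(" * ")]
    if len(fields) < 4 or not fields[-1].isdigit():
        return None
    m = COMMAND_RE.search(fields[1])
    if not m or m.group(1).lower() not in ADMIN_COMMANDS:
        return None   # ordinary service connections carry no COMMAND
    host = CID_HOST_RE.search(fields[1])
    return {"time": fields[0], "command": m.group(1).lower(),
            "cid_host": host.group(1) if host else "", "code": int(fields[-1])}

def analyse(log_text, max_failures=3):
    """Return (commands from untrusted or anonymous clients, brute-force alert)."""
    untrusted, failures = Counter(), 0
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["code"] == BAD_PASSWORD:
            failures += 1
        if ev["cid_host"] not in TRUSTED_HOSTS:
            untrusted[ev["command"]] += 1
    return untrusted, failures >= max_failures

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The CID host is supplied by the client, so treat it as a hint and correlate with network logs for the real source address.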