Oracle TNS 1521
Oracle TNS Enumeration and Scanning (Port 1521)
Step 1: Define the Target IP
Replace <target_ip> with the actual IP address of the target.
# Define the target IP
export TARGET_IP="192.168.1.100"Step 2: Perform an Nmap Scan for Oracle TNS Services
Basic Scan
nmap -p 1521 -sV --script oracle-tns-version <target_ip>Explanation:
-p 1521: Specifies the Oracle TNS Listener port.-sV: Detects the service version.--script oracle-tns-version: Runs the NSE script to fetch Oracle TNS version information.
Advanced Scan
nmap -p 1521 --script oracle-sid-brute,oracle-tns-version <target_ip>Explanation:
oracle-sid-brute: Attempts to enumerate valid SIDs (System Identifiers).oracle-tns-version: Fetches Oracle TNS version details.
Step 3: Enumerate Oracle TNS Services Using Metasploit
msfconsole
Launch Metasploit:
msfconsoleUse the Oracle SID brute force module:
use auxiliary/scanner/oracle/sid_brute set RHOSTS <target_ip> set RPORT 1521 runUse the Oracle TNS version module:
use auxiliary/scanner/oracle/tns_version set RHOSTS <target_ip> set RPORT 1521 run
Step 4: Enumerate Oracle Using tnscmd
Install
tnscmd.plif not already installed.sudo apt install tnscmdEnumerate Oracle TNS Listener:
tnscmd.pl -h <target_ip> -p 1521 -t statusTest for SID enumeration:
tnscmd.pl -h <target_ip> -p 1521 -t services
Step 5: Enumerate Oracle Databases Using oscanner
Install
oscanner:sudo apt install oscannerRun oscanner:
oscanner -s <target_ip> -P 1521
Step 6: Enumerate Oracle Using ODAT (Oracle Database Attacking Tool)
Clone the ODAT repository:
git clone https://github.com/quentinhardy/odat.git cd odatRun ODAT to enumerate SIDs:
python3 odat.py sidguesser -s <target_ip> -p 1521Test login credentials:
python3 odat.py passwordguesser -s <target_ip> -p 1521 -d <SID>
Additional Notes
Ensure tools like
tnscmd.pl,oscanner,ODAT, andNmapare installed.Look for default credentials and misconfigurations.
SID enumeration is critical for gaining access to Oracle databases.
Last updated