I am currently working through the Footprinting academy module and have gotten stuck on the Oracle TNS section. I am stuck on how to answer the following question -
Enumerate the target Oracle database and submit the password hash of the user DBSNMP as the answer.
I have successfully enumerated the SID XE of the database using NMAP - sudo nmap -p1521 -sV 10.129.x.x --open --script oracle-sid-brute
After that I tried enumerating with odatpy to get some more information, looking for credentials - ./odat.py passwordguesser -p 1521 -d XE -s 10.129.x.x ./odat.py all -s 10.129.x.x -p 1521 -d XE
Both of these come back with no further information.
From there I tried signing in using some default usernames and passwords with sqlplus sqlplus email@example.com/XE; sqlplus DBSNMP/DBSNMP@10.129.x.x/XE;
Any combination I have tried here has not been able to authenticate.
Does anyone have any ideas on what I can try next? I am not looking for an answer, more just a nudge in the right direction.
For me the setup script provided in the module didn’t work 100%. odat.py works fine, but the sqlplus tool errors out.
Here is a workaround to connect to the database, in case sqlplus errors out with sqlplus: error while loading shared libraries: libsqlplus.so: cannot open shared object file: No such file or directory for you too.
The workaround is to use DBeaver - it comes preinstalled with Parrot OS (the Pwnbox’s underlying OS). If you’re using something else, feel free to install it (you can probably use other SQL GUIs or CLIs too). Create a new connection with the target box’s IP, the port will be prefilled. Enter the username and password you discovered through odat and the db’s name. Then select the “Connect as:” dropdown and click on “SYSDBA”. Click “Test connection” - if everything was input correctly and the server is running you should be able to save the connection and execute queries, if not, double-check the inputted values and try again.
The rest is the same, run the query and get the password hash.
P.S Forgot to mention that DBeaver does not come preinstalled with drivers to connect to Oracle DB, so you will be prompted to install them. A link to the required .jar file is provided by Dbeaver. Only 1 jar file is required and it’s usually at the top of the page.
i’m having issues. so i followed the lecture instructions. uploaded the bash script. the /etc/profile.d/ exits but the oracle.sh file doesn’t i tried making the file myself with the above script but that didn’t work for me. any hints on what i should try next ?
Actually they provide solution to fix error within the information in module:
sudo sh -c “echo /usr/lib/oracle/12.2/client64/lib > /etc/ld.so.conf.d/oracle-instantclient.conf”;sudo ldconfig
note that you may have different version of oracle and it could look like:
sudo sh -c “echo /usr/lib/oracle/19.6/client64/lib > /etc/ld.so.conf.d/oracle-instantclient.conf”;sudo ldconfig
since I did not have the error on my main box, had to install fresh and can confirm that it indeed solved the problem on kali.
If anyone is still having issues with this - I was stuck for a while as well. Feel free to DM me. Note that literally every command you need is in the lesson. Follow it closely and use PWNBOX for this one. Using a local VM is a pain in the ■■■. Also if you do have to use a VM switch your VPN profile to TCP.