Wodat – Windows Oracle Database Attack Toolkit
Simple port of the popular Oracle Database Attack Tool (ODAT) (
TEST
Module tests if the given connection string can connect successfully.
wodat.exe TEST -server:XXX.XXX.XXX.XXX -port:1521 -sid:XE -user:peter -pass:pan
DISC
Module will perform discovery against provided CIDR range or file with instances. Note, only instances with valid TNS listeners will be returned. Testing a network range will be much faster as it’s processed in parallel.
wodat.exe DISC
Instances to test must be formatted as per the below example targets.txt
:
192.168.10.1
192.168.10.5,1521
ALL
Not implemented yet.
RECON
Not implemented yet.
Setup and Requirements
You can grab automated release build from the GitHub Actions or build yourself using the following commands:
nuget restore wodat.sln
msbuild wodat.sln -t:rebuild -property:Configuration=Release
Some general notes: The Oracle.ManagedDataAccess.dll
library will have to be copied with the binary. I’m looking at ways of embedding it.
Todo
- Handle SYSDBA and SYSOPER connections
- Implement outstanding modules
- Various validation, error handling code still needs to be done
- Some minor known bugfixes
- Add options to check against built in lists for SID, ServiceNames or common credentials
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.