Wodat – Windows Oracle Database Attack Toolkit

Simple port of the popular Oracle Database Attack Tool (ODAT) (

TEST

Module tests if the given connection string can connect successfully.

wodat.exe TEST -server:XXX.XXX.XXX.XXX -port:1521 -sid:XE -user:peter -pass:pan

DISC

Module will perform discovery against provided CIDR range or file with instances. Note, only instances with valid TNS listeners will be returned. Testing a network range will be much faster as it’s processed in parallel.

wodat.exe DISC

Instances to test must be formatted as per the below example targets.txt:

192.168.10.1
192.168.10.5,1521

ALL

Not implemented yet.

RECON

Not implemented yet.

Setup and Requirements

You can grab automated release build from the GitHub Actions or build yourself using the following commands:

nuget restore wodat.sln
msbuild wodat.sln -t:rebuild -property:Configuration=Release

Some general notes: The Oracle.ManagedDataAccess.dll library will have to be copied with the binary. I’m looking at ways of embedding it.

Todo

  • Handle SYSDBA and SYSOPER connections
  • Implement outstanding modules
  • Various validation, error handling code still needs to be done
  • Some minor known bugfixes
  • Add options to check against built in lists for SID, ServiceNames or common credentials
Download Wodat

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source