2025-01-06 14:28:00
Hack The Box have a nice lab, where we're introduced to the basics of poking at the Oracle TNS service.
In this lab, they offer a set of commands to download and setup ODAT (Oracle Database Attacking Tool) on your Linux workstation. They assume you're working on Parrot OS, on x86_64.
Meanwhile, I'm working on Kali Linux, inside UTM, in MacOS on aarch64. The instructions are different. Here's what worked for me.
#!/bin/bash
sudo apt-get install libaio1t64 python3-dev alien -y
cd ~
git clone https://github.com/quentinhardy/odat.git
cd odat/
git submodule init
git submodule update
wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-basic-linux-arm64.zip
unzip instantclient-basic-linux-arm64.zip
wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-sqlplus-linux-arm64.zip
unzip instantclient-sqlplus-linux-arm64.zip
export LD_LIBRARY_PATH=$(pwd)/instantclient_19_25:$LD_LIBRARY_PATH
export PATH="$PATH:$(pwd)/instantclient_19_25"
echo "export LD_LIBRARY_PATH=\"$(pwd)/instantclient_19_25:\$LD_LIBRARY_PATH\"" >> ~/.bashrc
echo "export PATH=\"\$PATH:$(pwd)/instantclient_19_25\"" >> ~/.bashrc
sudo apt-get install -y python3-cx-oracle python3-scapy
sudo apt-get install -y python3-colorlog python3-termcolor python3-passlib python3-pycryptodome python3-pyinstaller python3-libnmap
sudo apt-get install -y build-essential libgmp-dev
Next to this, you will also need to make one small change to CVE_2012_3137.py in the ODAT directory. The import statement at the top (at least on my Kali box) needs to be changed to read: "from Cryptodome.Crypto import AES".
kilala.nl tags: work, studies,
View or add comments (curr. 0)
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.