Skip to content

Commit

Permalink
Merge branch 'master-python3' of https://github.com/quentinhardy/odat
Browse files Browse the repository at this point in the history
…into master-python3
  • Loading branch information
quentinhardy committed Apr 2, 2020
2 parents ca8bd80 + b3b4384 commit 61fdba7
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ Usage examples of ODAT:

Tested on Oracle Database __10g__, __11g__, __12c__ and __18c__.

__ODAT linux standalone__ version at [https://github.com/quentinhardy/odat/releases/](https://github.com/quentinhardy/odat/releases/). Notice it is recommended to use the development version (*git clone*).
__ODAT linux standalone__ version at [https://github.com/quentinhardy/odat/releases/](https://github.com/quentinhardy/odat/releases/). Notice it is recommended to use the development version (*git clone*), *master-python3* branch (python 3 version).

Changelog
====
Expand Down Expand Up @@ -118,6 +118,7 @@ Thanks to ODAT, you can:
* oradbg
* __download files__ stored on the database server using:
* UTL_FILE
* DBMS_XSLPROCESSOR
* external tables
* CTXSYS
* DBMS_LOB
Expand All @@ -127,7 +128,7 @@ Thanks to ODAT, you can:
* DBMS_ADVISOR
* __delete files__ using:
* UTL_FILE
* __gain privileged access__ using these following system privileges combinations (see help for *privesc* module commands): (__NEW__ : 2016/02/21)
* __gain privileged access__ using these following system privileges combinations (see help for *privesc* module commands):
* CREATE ANY PROCEDURE
* CREATE PROCEDURE and EXECUTE ANY PROCEDURE
* CREATE ANY TRIGER (and CREATE PROCEDURE)
Expand All @@ -147,12 +148,11 @@ Thanks to ODAT, you can:
* pickup the session key and salt for arbitrary users
* attack by dictionary on sessions
* the [__CVE-2012-????__](https://twitter.com/gokhanatil/status/595853921479991297): A user authenticated can modify all tables who can select even if he can't modify them normally (no ALTER privilege).
* the [__CVE-2012-1675__](http://seclists.org/fulldisclosure/2012/Apr/204) (aka TNS poisoning attack) (__NEW__ : 25/03/2016)
* the [__CVE-2012-1675__](http://seclists.org/fulldisclosure/2012/Apr/204) (aka TNS poisoning attack)
* __search in column names__ thanks to the *search* module:
* search a pattern (ex: password) in column names
* __unwrap__ PL/SQL source code (10g/11g and 12c)
* get __system privileges__ and __roles granted__. It is possible to get privileges and roles of roles granted also (__NEW__ : 21/02/2016)

* get __system privileges__ and __roles granted__. It is possible to get privileges and roles of roles granted also
![Alt text](./pictures/ODAT_main_features_v2.0.jpg)

Supported Platforms and dependencies
Expand Down Expand Up @@ -221,7 +221,7 @@ sudo dpkg -i oracle-instantclient19.3-devel_???_???.deb
```bash
export ORACLE_HOME=/usr/lib/oracle/19.3/client64/
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib
export PATH=$ORACLE_HOME/bin:$PATH
export PATH=${ORACLE_HOME}bin:$PATH
```

* Restart your session (to apply env variables)
Expand Down

0 comments on commit 61fdba7

Please sign in to comment.