diff --git a/README.md b/README.md index 5bc55bc..1878b23 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Usage examples of ODAT: Tested on Oracle Database __10g__, __11g__, __12c__ and __18c__. -__ODAT linux standalone__ version at [https://github.com/quentinhardy/odat/releases/](https://github.com/quentinhardy/odat/releases/). Notice it is recommended to use the development version (*git clone*). +__ODAT linux standalone__ version at [https://github.com/quentinhardy/odat/releases/](https://github.com/quentinhardy/odat/releases/). Notice it is recommended to use the development version (*git clone*), *master-python3* branch (python 3 version). Changelog ==== @@ -118,6 +118,7 @@ Thanks to ODAT, you can: * oradbg * __download files__ stored on the database server using: * UTL_FILE + * DBMS_XSLPROCESSOR * external tables * CTXSYS * DBMS_LOB @@ -127,7 +128,7 @@ Thanks to ODAT, you can: * DBMS_ADVISOR * __delete files__ using: * UTL_FILE -* __gain privileged access__ using these following system privileges combinations (see help for *privesc* module commands): (__NEW__ : 2016/02/21) +* __gain privileged access__ using these following system privileges combinations (see help for *privesc* module commands): * CREATE ANY PROCEDURE * CREATE PROCEDURE and EXECUTE ANY PROCEDURE * CREATE ANY TRIGER (and CREATE PROCEDURE) @@ -147,12 +148,11 @@ Thanks to ODAT, you can: * pickup the session key and salt for arbitrary users * attack by dictionary on sessions * the [__CVE-2012-????__](https://twitter.com/gokhanatil/status/595853921479991297): A user authenticated can modify all tables who can select even if he can't modify them normally (no ALTER privilege). - * the [__CVE-2012-1675__](http://seclists.org/fulldisclosure/2012/Apr/204) (aka TNS poisoning attack) (__NEW__ : 25/03/2016) + * the [__CVE-2012-1675__](http://seclists.org/fulldisclosure/2012/Apr/204) (aka TNS poisoning attack) * __search in column names__ thanks to the *search* module: * search a pattern (ex: password) in column names * __unwrap__ PL/SQL source code (10g/11g and 12c) -* get __system privileges__ and __roles granted__. It is possible to get privileges and roles of roles granted also (__NEW__ : 21/02/2016) - +* get __system privileges__ and __roles granted__. It is possible to get privileges and roles of roles granted also ![Alt text](./pictures/ODAT_main_features_v2.0.jpg) Supported Platforms and dependencies @@ -221,7 +221,7 @@ sudo dpkg -i oracle-instantclient19.3-devel_???_???.deb ```bash export ORACLE_HOME=/usr/lib/oracle/19.3/client64/ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib -export PATH=$ORACLE_HOME/bin:$PATH +export PATH=${ORACLE_HOME}bin:$PATH ``` * Restart your session (to apply env variables)