1

There is a website, abc.com, which is vulnerable to SQL injection. I have verified this via sqlmap, so I got the username and password after this.

https://github.com/sqlmapproject/sqlmap/wiki/Usage

But I noticed that the database is running on Oracle. I want to get the host so I can connect to the database from an Oracle client.

`--hostname` returns abc.com. How can I get the actual DB hostname so I can connect via Oracle client using sqlmap?

When I did a port scan of abc.com, only 40 and 443 are open.

P.S. This is only for learning purposes.

Thanks

Johnny

2 Answers

1

If you can SELECT on the proper tables of the Oracle database, this should do the trick:

    SELECT host_name FROM v$instance;

If you want more information on how to connect, then you should try:

    SELECT type, value FROM v$listener_network;

It will give you the database network name, and a connection string from localhost.

J. Chomel
  • What is the database for `v$instance`? (Sorry, I have been on MySQL for a longer time.) – Johnny Mar 30 '16 at 06:13
  • It is for an Oracle Database. I made a typo, it is `HOST_NAME`, not `HOSTNAME` – J. Chomel Mar 30 '16 at 06:15
  • This returns abc.com (which was actually returned by sqlmap too). – Johnny Mar 30 '16 at 06:18
  • Then querying `v$listener_network` might be helpful. – J. Chomel Mar 30 '16 at 06:23
  • Then I have no more clue. You might access the database on port 40 with a connection string like this one: `(ADDRESS=(HOST=abc.com)(PROTOCOL=tcp)(PORT=40))`, and it is also possible that the database can only be accessed locally. – J. Chomel Mar 30 '16 at 06:30
1

If you want to connect to the database, you can simply use `--sqlmap-shell`, which makes a prompt for an interactive sqlmap shell.

    sqlmap -u abc.com --sqlmap-shell

But also, if you want the current database, you can use the `--current-db` option.

    sqlmap -u abc.com --current-db