Silo

I finished it a couple of days ago so if you need nudge, hit me up on mattermost.

I would recommend exploring the configuration and setup from available meta tables and other meta structures instead of trying some sort of automated pwn exploit. Plenty of information in the net available.

@spade you are correct there are some different ways to get root. The “path way” to root will be through many doors where each lock has some weakness, but there’s a window to root you can jump.

I have gotten questions regarding this machine. These resources might be useful if you want to understand the Oracle DB security:

@lokori said:
I have gotten questions regarding this machine. These resources might be useful if you want to understand the Oracle DB security:

Oracle / PLSQL: Oracle System Tables
Oracle Security papers

Sorry man! I am just getting stuck big time. Can you/someone give me a more obvious hint? I only got to the database with the low privilege user. I am thinking privilege esc to DBA then get shell access?

@NinjaRockstar said:

@ompamo said:
@grd msfconsole can help on enumeration if I remember well, and also the odat tool from Quentin Hardy (GitHub - quentinhardy/odat: ODAT: Oracle Database Attacking Tool). I recommend you to use the standalone version.

I’ve tried the odat script and can’t quite get it to work to my advantage. Anyone have a tip for me? A PM always works if you fear you will spoil here…

you are using the right tool, if nothing work, check your user role.

@grd said:
stuck as well. Any hint for initial foothold?

Hint can be found in this forum

@diopter said:

@grd said:
stuck as well. Any hint for initial foothold?

Hint can be found in this forum

Wish I could see the hint, lol. I’m using the right tool apparently, but just maybe not correctly? If anyone has any further tips please PM me. Otherwise, I’ll move on to another box for now. Frustrating… :slight_smile:

As a general note, if the low level user was granted DBA rights, that would be awesome for the hacker. But that would spoil the fun for all other hackers who log in with that user, because there would be no challenge after the user is already a DBA.

Hep needed. I read tones of resources about Oracle,TNS,etc. I tried to make bruteforce with nmap with no success and I used odat with no success too. Please PM in order to get any good direction, no spoilers

Hep needed too, any can pm me?

@hoboscientist said:
odat script is proving to be useless for me. no response from the server. any links for oracle DB exploitation ?

you really need to experiment a lot with this tool in order to get it to work for you.

Make sure you follow the guides that others posted on getting the proper libraries and files on your machine for your tools to work. 64 is the best. And enumerate. That will get you where you want to be.

Can you give me any hint for dropbox file?

@6h05t said:
Can you give me any hint for dropbox file?

You can use volatility tool on kali to analyze this file.

can you give me a password list to use as i tried defaults and rockyou list but no sucess :confused:
i tested all the script on my local server and they are working perfectly but not this box :frowning:

nevermind

After a few weeks of getting infuriated with random tools failing to acknowledge paths and ENV settings etc. Metasploit mods finally started to work but as expected, no pwnage with automated metasploit mods, its no fun that way anyway.

I went the manual route, took only a few min and was much more satisfying. I used sqldeveloper, I decided to write sql and exploit manually. Fun box, cant really judge it bad because I found some of the exploit tools to be ■■■■/way to temperamental to even bother to use.

A great reminder that sometimes/often writing your own code is better in the long run. Now I just need to find the user.txt, the root one was easy lol

Thumbs up to the developer of this box.

Do you have to do anything to the password for the drop service?

Spoiler Removed - Arrexel