Silo

Okay, so here is where i’m. Get ODAT working in standalone mode with this tips :

LD_LIBRARY_PATH=./ ./odat-libc2.5-i686

After that i’ve run some tests and i think i get the idea but for finding the password, what should i do ? should i rockyou a bit ? or maybe it’s more likely i’ve missed some step in enumerating ?

Can anyone assist me please. I’ve enumerated,managed to get low priv access on the DB.
But I have no idea what else to do. I’ve tried thousands of scripts to escalate priv but all fail.
I’ve looked at the metatables but this is my first oraclebox.

I tried many dictionnary but nothing found :frowning:

One thing that messed me up with this so far is that most tools will only test uppercase passwords as that was the default for a very long time. I recommend trying lowercase.

Worked perfectly! Thanks @mubix

Get the root flag, but my other question is : how to get smb share ? Unable to get anythings from this …

I could really use a nudge in the right direction. I have db sys user access but haven’t been able to move from db control to the OS. PM me?

Hi, I need a nudge on this one. I got root.txt, but couldn´t find the user.txt. Can I get user.txt the same way I did with root? Or should I exploit something different?

Pay attention to see if you’re not metagaming by knowning first hand where the txt files are.

Enumerate harder and you’ll see the bridge

Is someone messing up with this machine? Two days ago, odat worked fine on this machine, since then I only get KO’s… I managed to get root.txt then, but now I can’t go any further. Is anybody experiencing the same? really frustrating.

I could definitely use a hand. I’m in the same place as some others, found a couple of SIDs but after that I’m just not able to make the tool work to enumerate logins. Going through the code, found some different options that aren’t really documented but still no luck.

If you’ve got a couple of SID’s and you can’t proceed, you’re both on a good spot and overthinking. Try simpler solutions.

Thanks for the ODAT tip, also for those that are installing it and following the github instructions, ensure that the Oracle client is 11.2 (most recent version is 12.2 and it won’t work) also if you are blindly cutting and pasting when adding the System variables and using a x86 OS/Client (like me) his path is the x64 bit one and if you want to be lazy just “CD /usr/lib/oracle/11.2/” and “ln -s ./client/ ./client64/” and the rest of the commands will work without issue.

For those of you like me who are using current iterations of Metasploit and are just beating your head against the ruby issue for anything oracle, look at my comment on this problem Failed to load the OCI library: cannot load such file -- oci8 · Issue #9870 · rapid7/metasploit-framework · GitHub. It’s not pretty but it works.

Yeah going to need something I literally went through every SQL injection privilege escalation on the ■■■■ internet. Either it is shottily coded or something else is up. I have access to DB user and I checked all the roles, every escalation that takes advantage of those roles has failed.

@digitalp2k
Go the old fashioned way. Get your hands dirty.

It’s possible to root this machine without ever touching odat, meterpreter or any of this kind. ODAT -may- get things faster for you in the later stages.

@Sigilli said:
@digitalp2k
Go the old fashioned way. Get your hands dirty.

It’s possible to root this machine without ever touching odat, meterpreter or any of this kind. ODAT -may- get things faster for you in the later stages.

Are you saying I should ignore the Oracle part or is there something else?

@Sigilli said:
@digitalp2k
Go the old fashioned way. Get your hands dirty.

It’s possible to root this machine without ever touching odat, meterpreter or any of this kind. ODAT -may- get things faster for you in the later stages.

Don’t you even need sqlplus?

Any advice on getting user after getting root? I’ve tried creating programs/jobs but nothing seems to be working.

Never mind got it. Can help others if they are stuck.