Silo

Is someone messing with this machine? Two days ago, odat worked fine on this machine, since then I only get KO’s… I managed to get root.txt then, but now I can’t go any further. Is anybody experiencing the same? Really frustrating.

I could definitely use a hand. I’m in the same place as some others, found a couple of SIDs but after that I’m just not able to make the tool work to enumerate logins. Going through the code, found some different options that aren’t really documented but still no luck.

If you’ve got a couple of SID’s and you can’t proceed, you’re both on a good spot and overthinking. Try simpler solutions.

Thanks for the ODAT tip. Also, for those that are installing it and following the GitHub instructions, ensure that the Oracle client is 11.2 (most recent version is 12.2 and it won’t work). Also, if you are blindly cutting and pasting when adding the system variables and using an x86 OS/client (like me), his path is the x64 one; if you want to be lazy, just “cd /usr/lib/oracle/11.2/” and “ln -s ./client/ ./client64/” and the rest of the commands will work without issue.

For those of you like me who are using current iterations of Metasploit and are just beating your head against the Ruby issue for anything Oracle, look at my comment on this problem: “Failed to load the OCI library: cannot load such file -- oci8” (Issue #9870, rapid7/metasploit-framework, GitHub). It’s not pretty but it works.

Yeah, going to need something. I literally went through every SQL injection privilege escalation on the ■■■■ internet. Either it is shoddily coded or something else is up. I have access to DB user and I checked all the roles, every escalation that takes advantage of those roles has failed.

@digitalp2k
Go the old fashioned way. Get your hands dirty.

It’s possible to root this machine without ever touching odat, meterpreter or any of this kind. ODAT -may- get things faster for you in the later stages.

@Sigilli said:
@digitalp2k
Go the old fashioned way. Get your hands dirty.

It’s possible to root this machine without ever touching odat, meterpreter or any of this kind. ODAT -may- get things faster for you in the later stages.

Are you saying I should ignore the Oracle part or is there something else?

@Sigilli said:
@digitalp2k
Go the old fashioned way. Get your hands dirty.

It’s possible to root this machine without ever touching odat, meterpreter or any of this kind. ODAT -may- get things faster for you in the later stages.

Don’t you even need sqlplus?

Any advice on getting user after getting root? I’ve tried creating programs/jobs but nothing seems to be working.

Never mind, got it. Can help others if they are stuck.

@ring3rbell said:
Don’t you even need sqlplus?

it’s possible to not use sqlplus entirely =)
You can, but it isn’t necessary.

It is a funny box, I was able to get root but not user, similar to

@sheeets said:
Any advice on getting user after getting root? I’ve tried creating programs/jobs but nothing seems to be working.

I should have missed something or my way of thinking is not correct, any hint welcome

Haha, it was easy once I let go of the whole oda… thingy. Got user and root with a simple reverse meterpreter shell.

If anyone’s struggling with this, I’ll be happy to give you a hint in PM.

@Sigilli said:

it’s possible to not use sqlplus entirely =)
You can, but it isn’t necessary.

Mmm, I’m curious to know how you did… Please PM. Thanks!

Same boat as others. Don’t really see how I can get user. Been searching the database for user credential to SMB share with no success.

As someone said earlier, all hints you need have been provided here. Remember to have all dependencies fixed before trying a certain tool.

I’ve been beating my head against a certain protocol and have not been able to get any fruit (well maybe some, but don’t know what to do with it in a timely manner). I’ve run into a box like this in the wild and this forum has definitely helped me learn the ways to enumerate, what tools to use etc… if anyone can PM me to nudge me I’d appreciate it. I hate Oracle…

Also… typically my go-to isn’t necessarily Metasploit… but wtf is:
[-] Failed to load the OCI library: cannot load such file -- oci8

@RageQuit said:
I’ve been beating my head against a certain protocol and have not been able to get any fruit (well maybe some, but don’t know what to do with it in a timely manner). I’ve run into a box like this in the wild and this forum has definitely helped me learn the ways to enumerate, what tools to use etc… if anyone can PM me to nudge me I’d appreciate it. I hate Oracle…

Also… typically my go-to isn’t necessarily Metasploit… but wtf is:
[-] Failed to load the OCI library: cannot load such file -- oci8

Just try with the other tool mentioned in here.
Personally I tried to fix the Metasploit issue in 3 different VMs, with different Kali versions. No luck.
The other tool, once configured properly, made things pretty simple.

Is there AV on the box? My payload isn’t executing but I am able to control something which should lead to RCE. Can I PM someone who completed the box?