Silo

24

Comments

  • Hello,

    Can some one help please, I am really stuck. I trie some NSE Script on several ports, I didn't find what I am looking for.

    Also with odat, all sids are valid!!! ????

    Thank you

  • Need a nudge on this one. I've logged into a specific service. Can access some things. I've exploited this in the past on a linux box. struggling to work it out on windows...

  • No one for help?

  • @kikos , have you installed all odat dependencies? have you test root?

  • Yes,

    Yesterday I found 2 sids. But not valid logins. Can you com on pm please?

  • I got the root but not the user (1st time). can someone PM me to exchange if i'm on the right track. tks

  • Finally pwned root. Nice machine and my first windows pwn ever :) Strangely, owning root was easier than user. Anyone else having pwned root, mind PMing me, I'd like to discuss the possible other ways.

    osku
    OSCP

  • Okay, so here is where i'm. Get ODAT working in standalone mode with this tips :

    LD_LIBRARY_PATH=./ ./odat-libc2.5-i686
    

    After that i've run some tests and i think i get the idea but for finding the password, what should i do ? should i rockyou a bit ? or maybe it's more likely i've missed some step in enumerating ?

    Jugulairel

  • Can anyone assist me please. I've enumerated,managed to get low priv access on the DB.
    But I have no idea what else to do. I've tried thousands of scripts to escalate priv but all fail.
    I've looked at the metatables but this is my first oraclebox.

  • I tried many dictionnary but nothing found :(

  • One thing that messed me up with this so far is that most tools will only test uppercase passwords as that was the default for a very long time. I recommend trying lowercase.

  • Worked perfectly! Thanks @mubix

    0d1n

  • Get the root flag, but my other question is : how to get smb share ? Unable to get anythings from this ...

    Jugulairel

  • edited May 2018

    I could really use a nudge in the right direction. I have db sys user access but haven't been able to move from db control to the OS. PM me?

  • Hi, I need a nudge on this one. I got root.txt, but couldn´t find the user.txt. Can I get user.txt the same way I did with root? Or should I exploit something different?

  • edited June 2018

    Pay attention to see if you're not metagaming by knowning first hand where the txt files are.

    Enumerate harder and you'll see the bridge

  • Is someone messing up with this machine? Two days ago, odat worked fine on this machine, since then I only get KO's... I managed to get root.txt then, but now I can't go any further. Is anybody experiencing the same? really frustrating.

  • I could definitely use a hand. I'm in the same place as some others, found a couple of SIDs but after that I'm just not able to make the tool work to enumerate logins. Going through the code, found some different options that aren't really documented but still no luck.

  • edited June 2018

    If you've got a couple of SID's and you can't proceed, you're both on a good spot and overthinking. Try simpler solutions.

  • Thanks for the ODAT tip, also for those that are installing it and following the github instructions, ensure that the Oracle client is 11.2 (most recent version is 12.2 and it won't work) also if you are blindly cutting and pasting when adding the System variables and using a x86 OS/Client (like me) his path is the x64 bit one and if you want to be lazy just "CD /usr/lib/oracle/11.2/" and "ln -s ./client/ ./client64/" and the rest of the commands will work without issue.

  • For those of you like me who are using current iterations of Metasploit and are just beating your head against the ruby issue for anything oracle, look at my comment on this problem https://github.com/rapid7/metasploit-framework/issues/9870. It's not pretty but it works.

  • Yeah going to need something I literally went through every SQL injection privilege escalation on the damn internet. Either it is shottily coded or something else is up. I have access to DB user and I checked all the roles, every escalation that takes advantage of those roles has failed.

  • @digitalp2k
    Go the old fashioned way. Get your hands dirty.

    It's possible to root this machine without ever touching odat, meterpreter or any of this kind. ODAT -may- get things faster for you in the later stages.

  • @Sigilli said:
    @digitalp2k
    Go the old fashioned way. Get your hands dirty.

    It's possible to root this machine without ever touching odat, meterpreter or any of this kind. ODAT -may- get things faster for you in the later stages.

    Are you saying I should ignore the Oracle part or is there something else?

  • @Sigilli said:
    @digitalp2k
    Go the old fashioned way. Get your hands dirty.

    It's possible to root this machine without ever touching odat, meterpreter or any of this kind. ODAT -may- get things faster for you in the later stages.

    Don't you even need sqlplus?

  • Any advice on getting user after getting root? I've tried creating programs/jobs but nothing seems to be working.

  • Never mind got it. Can help others if they are stuck.

  • edited June 2018

    @ring3rbell said:
    Don't you even need sqlplus?

    it's possible to not use sqlplus entirely =)
    You can, but it isn't necessary.

  • It is a funny box, I was able to get root but not user, similar to

    @sheeets said:
    Any advice on getting user after getting root? I've tried creating programs/jobs but nothing seems to be working.

    I should have missed something or my way of thinking is not correct, any hint welcome

    renorains
    ~|OSCP|~

  • edited June 2018

    Haha, it was easy once i let go of the whole oda... thingy. Got user and root with a simple reverse meterpretershell

    if anyones struggeling with this, ill be happy to give you a hint in pm.

    raystr

Sign In to comment.