I’m solving Silo machine but unable to exploit this machine i have tried every exploit. Can anyone give me a hint regarding exploit.???
its too soon bro. enumerate more see if u are missing something. (although i havent started the machine)
@eagle005 said:
I’m solving Silo machine but unable to exploit this machine i have tried every exploit. Can anyone give me a hint regarding exploit.???
This machine is a great opportunity to learn how to penetrate oracle databases since many of us have oracle dbs in the production environment in our work. So let’s dive into it and try a lot harder!
kubanu thanks for help as i enumerate more i got some clues that only Oracle service is exploitable i’m just diving bit deeper … Thanks for help…
i have access to the oracle db, but would like a nudge or a decent learning resource for what i should be looking at next, cant find any usernames etc… can some one PM me for a nudge on what to research ?
who are facing error in installing ruby-oci8 try this Setup Oracle in Kali Rolling & Kali 2.0
anyone who can pm me for initial shell? already found some things. but will only tell in pm, because of potential spoiler
@Shivarth said:
who are facing error in installing ruby-oci8 try this Setup Oracle in Kali Rolling & Kali 2.0
if you follow this tutorial, you can avoid registering to oracle wordcompany and give them a email adresse by using this git to download the zip files needed :
@Nutellack said:
@Shivarth said:
who are facing error in installing ruby-oci8 try this Setup Oracle in Kali Rolling & Kali 2.0if you follow this tutorial, you can avoid registering to oracle wordcompany and give them a email adresse by using this git to download the zip files needed :
GitHub - f00b4r/oracle-instantclient: 💽 Oracle InstantClient
Aww yeah! Thanks man. I was just grumbling to myself about having to create ANOTHER account.
about finding a db user… I’m wondering if I’m using the wrong method or only the wrong list, as I cannot find any…
I can log in the database as user but don’t find anything relevant.
I guess the solution is to use a certain tool for “O” db combine to a sqlplus terminal.
but I can’t get any info when I try to use it as a proxy to listen to my terminal
If anyone can give me a clue in pm it will be great.
Can someone point me in the right direction for privesc ? I 'm guessing its a very specific exploit but I can’t seem to find the right one. Pm me
hey guys… unlike most of you, im a little behind but i thought id ask for help anyway. So i enumerated 2 SIDs but i cant figure out anything after that… could someone pm me a hint? thanks!
I’ve been stuck on this for a while now. No matter what I did, all the oracle tools would segfault. So finally caved and started a new, fresh, kali vm. Segfaults are gone, but neither the tool from github, nor msf are getting me anywhere. Even cross converting their wordlists, I’ve got some sids, a no-priv account, and can’t see anything worth while with the account I got. I could use a pm with some hints/guides to get farther. thanks.
@cdf123 said:
I’ve been stuck on this for a while now. No matter what I did, all the oracle tools would segfault. So finally caved and started a new, fresh, kali vm. Segfaults are gone, but neither the tool from github, nor msf are getting me anywhere. Even cross converting their wordlists, I’ve got some sids, a no-priv account, and can’t see anything worth while with the account I got. I could use a pm with some hints/guides to get farther. thanks.
if you find a solution, pm me too
Crazy with this box. I experimented with odat with no success. Any suggestion instead “Try harder” ?? lol
Someone can pm me? Hardstuck
Currently playing hunt the sid
@monkeychild said:
Currently playing hunt the sid
Thats the easy part