Need Help

I’m solving Silo machine but unable to exploit this machine i have tried every exploit. Can anyone give me a hint regarding exploit.???

its too soon bro. enumerate more see if u are missing something. (although i havent started the machine)

@parteeksingh said:
I’m solving Silo machine but unable to exploit this machine i have tried every exploit. Can anyone give me a hint regarding exploit.???

This machine is a great opportunity to learn how to penetrate oracle databases since many of us have oracle dbs in the production environment in our work. So let’s dive into it and try a lot harder!

kubanu thanks for help as i enumerate more i got some clues that only Oracle service is exploitable i’m just diving bit deeper … Thanks for help…:slight_smile:

i have access to the oracle db, but would like a nudge or a decent learning resource for what i should be looking at next, cant find any usernames etc… can some one PM me for a nudge on what to research ?

who are facing error in installing ruby-oci8 try this Setup Oracle in Kali Rolling & Kali 2.0 | ZeroSec - Adventures In Information Security

anyone who can pm me for initial shell? already found some things. but will only tell in pm, because of potential spoiler

@Shivarth said:
who are facing error in installing ruby-oci8 try this Setup Oracle in Kali Rolling & Kali 2.0 | ZeroSec - Adventures In Information Security

if you follow this tutorial, you can avoid registering to oracle wordcompany and give them a email adresse by using this git to download the zip files needed :

@Nutellack said:

@Shivarth said:
who are facing error in installing ruby-oci8 try this Setup Oracle in Kali Rolling & Kali 2.0 | ZeroSec - Adventures In Information Security

if you follow this tutorial, you can avoid registering to oracle wordcompany and give them a email adresse by using this git to download the zip files needed :
GitHub - f00b4r/oracle-instantclient: Oracle InstantClient

Aww yeah! Thanks man. I was just grumbling to myself about having to create ANOTHER account.

about finding a db user… I’m wondering if I’m using the wrong method or only the wrong list, as I cannot find any…

I can log in the database as user but don’t find anything relevant.
I guess the solution is to use a certain tool for “O” db combine to a sqlplus terminal.
but I can’t get any info when I try to use it as a proxy to listen to my terminal
If anyone can give me a clue in pm it will be great.

Can someone point me in the right direction for privesc ? I 'm guessing its a very specific exploit but I can’t seem to find the right one. Pm me :slight_smile:

hey guys… unlike most of you, im a little behind but i thought id ask for help anyway. So i enumerated 2 SIDs but i cant figure out anything after that… could someone pm me a hint? thanks!

I’ve been stuck on this for a while now. No matter what I did, all the oracle tools would segfault. So finally caved and started a new, fresh, kali vm. Segfaults are gone, but neither the tool from github, nor msf are getting me anywhere. Even cross converting their wordlists, I’ve got some sids, a no-priv account, and can’t see anything worth while with the account I got. I could use a pm with some hints/guides to get farther. thanks.

@cdf123 said:
I’ve been stuck on this for a while now. No matter what I did, all the oracle tools would segfault. So finally caved and started a new, fresh, kali vm. Segfaults are gone, but neither the tool from github, nor msf are getting me anywhere. Even cross converting their wordlists, I’ve got some sids, a no-priv account, and can’t see anything worth while with the account I got. I could use a pm with some hints/guides to get farther. thanks.

if you find a solution, pm me too :slight_smile:

Crazy with this box. I experimented with odat with no success. Any suggestion instead “Try harder” ?? lol

Someone can pm me? Hardstuck

Currently playing hunt the sid :dizzy:

@monkeychild said:
Currently playing hunt the sid :dizzy:

Thats the easy part :slight_smile: