Need Help

Not sure if my machine is having a ruby related crisis.

I found my ruby related issues were resolved when I used the x64 oracle-instantclient files - everything else just seemed to break horribly.

I followed a few techniques from this blog: Exploiting an Oracle database with Metasploit (Part 1) | Marcel-Jan's Oracle Blog

But not found much besides a user account with no-privs. Any hints?

I cant hunt the sid for some reason. the msf module doesnt work because its protected. Cant seem to find a solution around this. Please any one if u can DM or provide pointers. Wasted two days on this

Thanks to a couple of great hints by someone I was able to do the box. I was running in a circle and I would have never got past my roadblocks. In fact, there I still cannot understand WHY something works (to me, the default user basically has no privs).
In any case, since sharing is caring, feel free to PM me with details of what you have tried, I will try to hint back

For some reason im not able to upload files onto the system. I previously uploaded, now it returns Insufficient privileges. Any body successful in uploading?

So far the biggest takeaway from this one and a few other is: If I find myself really going down the rabbit hole searching for the answer…I’m probably being snagged on something minute or minor in the process of doing something. In my circumstance… case sensitivity.

And I learned the hard way that a script I wrote as a workaround to the msf/ruby issue was also giving false negatives :angry: (meaning correct credentials didn’t read correctly)

So, compound issues for myself. More pain = best learning.

@1R0NF15T said:

@cdf123 said:
I’ve been stuck on this for a while now. No matter what I did, all the oracle tools would segfault. So finally caved and started a new, fresh, kali vm. Segfaults are gone, but neither the tool from github, nor msf are getting me anywhere. Even cross converting their wordlists, I’ve got some sids, a no-priv account, and can’t see anything worth while with the account I got. I could use a pm with some hints/guides to get farther. thanks.

if you find a solution, pm me too :slight_smile:

I’m at the same stage. :scream:

i have user.txt but i need to clarify some things. can anyone pm me? Thank you!

@gash PM me

One hint for the first steps, if you’re using odat you need to use a specific flag/parameter for all commands, otherwise you wont be able to achieve anything. (this flag/parameter is not listed in the github readme)

Is getting DBA key first with this?

@x0xxin said:

@Nutellack said:

@Shivarth said:
who are facing error in installing ruby-oci8 try this Setup Oracle in Kali Rolling & Kali 2.0

if you follow this tutorial, you can avoid registering to oracle wordcompany and give them a email adresse by using this git to download the zip files needed :
GitHub - f00b4r/oracle-instantclient: 💽 Oracle InstantClient

Aww yeah! Thanks man. I was just grumbling to myself about having to create ANOTHER account.

I have the same problem. I tried with that tutorial (instalation was successful) but I get this error:
[-] Failed to load the OCI library: libnnz12.so: cannot open shared object file: No such file or directory - /usr/local/lib/x86_64-linux-gnu/site_ruby/oci8lib_250.so
[-] Try ‘gem install ruby-oci8’
[*] Auxiliary module execution completed

Any idea to solve that problem? Thanks

@Shivarth said:
who are facing error in installing ruby-oci8 try this Setup Oracle in Kali Rolling & Kali 2.0

just do as Shivarth suggest

@Nutellack said:

@Shivarth said:
who are facing error in installing ruby-oci8 try this Setup Oracle in Kali Rolling & Kali 2.0

just do as Shivarth suggest

Thank you. I tried that tree options:

but on my notebook and I think, I ruined something on that VM. Now I tried on my desktop and It works.

Just to be clear: does ONLY instantclient version 12.1have to be installed for ODAT and msf to work? Or will Instantclient 12.2 work as well?

In all of the guides on installing oracle tools, they say to use Instantclient version 12.1. But they are a couple of years old, so I figured I could install Instantclient 12.2, the most recent version. Has anyone gotten user/root on this box using Instantclient 12.2 tools and libs?

I’d love to get this set up and running so I could get the flags from this box but I cannot be bothered creating an Oracle account. Will keep looking elsewhere for download links that don’t require me to jump through Oracle’s hoops.

@Malfurion said:
I’d love to get this set up and running so I could get the flags from this box but I cannot be bothered creating an Oracle account. Will keep looking elsewhere for download links that don’t require me to jump through Oracle’s hoops.

Just read this post from the start, I gave a link

@Nutellack said:

@Malfurion said:
I’d love to get this set up and running so I could get the flags from this box but I cannot be bothered creating an Oracle account. Will keep looking elsewhere for download links that don’t require me to jump through Oracle’s hoops.

Just read this post from the start, I gave a link

Cheers. That did the trick. Also, I found a very very old copy of SqlDeveloper1.5 from 2008 that I had tucked away, managed to use it to browse as well lol.

@manny1990 said:
One hint for the first steps, if you’re using odat you need to use a specific flag/parameter for all commands, otherwise you wont be able to achieve anything. (this flag/parameter is not listed in the github readme)

This is an essential hint, thank you