Really struggling to get a foothold on this box. Have 2 valid SIDs, can’t get any further with either Metasploit or ODAT. Literally stuck for ideas. Any hints or PMs would be appreciated.
@Cli3nt said:
Not sure about the first step. My 65535 scan is not terminating. My fast scan just shows 80, 445 and some RPC. SMB does not seem to be vulnerable. Port 80 does not give me any websites. You are talking about Oracle, but I don’t find anything interesting here.
You need to scan again. It could be that people are resetting the box mid scan. You can be fairly confident that you’ve missed some ports here.
I’ve tried odat for cracking and escalate and it doesn’t work for me. So I don’t know what to do right now.
Looks like the file is filtering some extensions and I have no idea about how to exploit the vuln. Can somebody give me a hand?
Rooted this earlier. Half the battle was getting odat to work. Anyone using it for password guessing, it doesn’t work! The switch it says to use for uppercase and lowercase doesn’t do as it says.
The first shell I popped got me root, so I missed out on a fun privesc. I’ve been told to go back and look at it for the learning experience.
Hi, I am having trouble progressing using the odat tool. I have installed the standalone version and have identified a valid SID, but haven’t managed to enumerate users nor find more detailed guides other than the wiki. Any pointers?
Got root. Nice machine
Wow, finally rooted. I have no idea how people went straight to root. I ended up taking a much longer route through user.
I’d like to see how people got root but not user xD
Also how some people didn’t need ODAT or even SQLplus to pwn it.
I solved it in two ways, the “intended way” and the metasploit way haha
PM if you want to discuss about n.n
Lots of tantalisingly close, yet ultimately frustrating paths here. I have a username and password for the DB but I can’t seem to get any further.
If anyone is able to share a tip or pointer (here or in PM) I would be eternally in their debt.
@TazWake Any tips on how you found the username and password? Thanks
A lot of brute forcing with slight modifications to the default Oracle lists (look at what is odd about them vs most word lists)
@TazWake Thanks very much for your help. Back to the wordlists!
Could someone PM me? Having trouble with getting initial foothold…
I also need help with the initial foothold. I’ve got some scan and enumeration results, with several promising ports and am trying various attack tools but can’t get anything. odat isn’t giving me anything and is telling me that every possible sid is valid. Stuck.
Edit: the key to this one was to install the basic tools prerequisites on Kali, which doesn’t come with them preinstalled, or even apt-gettable. The stubs are there in msf and nmap but they error out or just don’t run until you install some version of big-honking-company’s stuff.
@LegendarySpork your odat isn’t installed correctly.
Need help. Would I PM someone here?
Could someone help me with priv esc?
Can someone please PM me? I am seriously stuck on initial foothold.
Any help to get the valid SIDs? Please, just stuck.