Silo

LegendarySpork · July 29, 2018, 5:58am

Finally got a tiny little bit of traction and identified a valid user. Lesson learned: focusing on getting at least some of the tools to work has been fruitful and educational. Someone earlier said you don’t need S****** but to use other tools, you have to have some version of this installed.

Edit: have user and root flags. Scratching my head over how to get a reverse shell.

onlyamedic · August 1, 2018, 3:49am

just wrote a quick guide on installing odat on kali rolling since someone messaged me about it: Installing Oracle Database Attacking Tool (ODAT) on Kali Rolling (2018) - Good Luck

mercwri · August 2, 2018, 7:09am

From hints and playing with sqlmap I managed to get root but not user, I’ve given up on odat for now since I can’t get all of it’s modules working.

I think odat with the lowercase issue and now every module reading KO on test has sucked up more of my time. It looks like a great tool, when it works.

nope · August 2, 2018, 12:02pm

i’ve used standalone version of ODAT and got all SID valid but i also try with nmap and get 2 SID valid. Is there any problem with ODAT’s standalone version?
i saw that in ODAT’s home page:
“Standalone versions exist in order to don’t have need to install dependencies and slqplus…”

LegendarySpork · August 2, 2018, 6:33pm

Maybe you don’t need the SQLPlus tool per se but there sure does seem to be a dependency on the libraries and stuff that you get with it. As for “standalone” I can’t imagine that Big Giant Profit Co. would allow a 3d party to include its libraries in a hacking tool without all sorts of licensing bureacracy and fees. Anyway, I had to install it to get odat and other tools to work.

nope · August 3, 2018, 10:13am

@LegendarySpork said:
Maybe you don’t need the SQLPlus tool per se but there sure does seem to be a dependency on the libraries and stuff that you get with it. As for “standalone” I can’t imagine that Big Giant Profit Co. would allow a 3d party to include its libraries in a hacking tool without all sorts of licensing bureacracy and fees. Anyway, I had to install it to get odat and other tools to work.

i’ve installed ODAT follow by the guide and it worked, then i’ve tried to run the standalone verson and it’s worked fine. Probably it’s related in Oracle libraries.

richeze · August 3, 2018, 10:49am

Ive had no trouble running the odat standalone (although I had to install the client as well and move the libraries into the odat directory). Getting the actual user and root has so far eluded me but never mind!

nope · August 3, 2018, 6:15pm

[UPDATE1] → Still don’t know why but i found the way to fix this issue.
[UPDATE2] → i’ve got both root and user. Love this machine.
i’ve got root but have’nt got user yet. In the first time, i’ve tested all module in ODAT and some module is OK, but now all the module is KO state and i can’t get root.txt file again. I don’t know why? is there anyone like me? Can PM to discuss about it?

d4ly · August 4, 2018, 9:17am

Cool box, odat is a strong tool.

Was the download a red herring,? I gave it a go with a specific couple of tools after i downloaded to no avail, but had got the root hash before the file downloaded using existing tools

mcruz · August 4, 2018, 6:19pm

Hi is there any admin of hackthebox platform, i need to know how the score system works. Becuase i rooted Silo box yesterday before it gets retired, and i’ve the same score that i had before rooted the machine, thanks.

AgentTiro · August 4, 2018, 6:32pm

@mcruz when boxes are retired you lost the points. Points are only available for live machines.

mcruz · August 4, 2018, 6:36pm

@AgentTiro said:
@mcruz when boxes are retired you lost the points. Points are only available for live machines.

Yes but i did rooted before it gets retired, that does’nt matter?

AgentTiro · August 4, 2018, 7:12pm

@mcruz said:
@AgentTiro said:
@mcruz when boxes are retired you lost the points. Points are only available for live machines.

Yes but i did rooted before it gets retired, that does’nt matter?

Nope. Points are only displayed for active machines. Once a box is retired no one has any points for it. Whether you rooted it 10 minutes after launch or 10 minutes before it retires. This way it’s possible for anyone to break into the top 100 or higher, as you have to remain active to keep that score going up.

The one thing that does remain is the rank you achieve. You will lose progress to the next one, but you will not fall back down ranks e.g. reach pro then move back down to hacker.

mcruz · August 4, 2018, 7:19pm

@AgentTiro said:

@mcruz said:
@AgentTiro said:
@mcruz when boxes are retired you lost the points. Points are only available for live machines.

Yes but i did rooted before it gets retired, that does’nt matter?

Nope. Points are only displayed for active machines. Once a box is retired no one has any points for it. Whether you rooted it 10 minutes after launch or 10 minutes before it retires. This way it’s possible for anyone to break into the top 100 or higher, as you have to remain active to keep that score going up.

The one thing that does remain is the rank you achieve. You will lose progress to the next one, but you will not fall back down ranks e.g. reach pro then move back down to hacker.

Thanks i got it.