Pentest 1 : [htb] Silo, Hack Oracle

Hi everyone,

Today I am going to write a little walk-through of a box from hack the box lab. I am going to explain the step by step of the box called Silo.

Overall the walk-through will be divided into three phases which are hacking the oracle database web exploitation and priv escalation.

Let start, As usual we should do recon. The best tools for recon is nmap. You can use the command below to do nmap

nmap -sS -sV -sC -vvv 10.10.10.82
-sS = SYN scan
-sC = banner grabbing
-sV = check the version of target service
-vvv = be verbose

http open port 80
oracle server port 1521

we can see that there is open port for oracle database 11.2 and port 80 for http. We have two attack surface that can be used to exploit. I will use an application called ODAT (Oracle Database Attacking Tool)  to help me on analyzing the oracle database service. this tools can be download from https://github.com/quentinhardy/odat

first lets brute force for the SID that is available in the server. We use the command below

./odat.py sidguesser -s 10.10.10.82 -p 1521

We found 2 instances of database XE and XEXDB. Now the next step is to brute force the username and password. We can use odat to brute force with this command below

./odat.py passwordguesser -s 10.10.10.82 -p 1521 -d XE

But do not forget to provide the username and password wordlist in the directory accounts within odat directory. The username and password shall be formatted username/password just like below

we finally found the username and password of XE instance. here below the picture

the username is scott and password is tiger.

OK that is all about recon and enumeration phase of the Penetration Test Cycle. I will continue to the exploitation phase in the next blog.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s