Hacking
Hacking
Github
Twitter
Hacking & Penetration Testing
Commands
Methodologies
Buffer Overflow
Internal Network
Mobile Testing
Subdomain Enumeration
Web Application Testing
XSS
OOB
IDOR / PrivEsc
Misc
CSRF
XML
SQL
XML External Entities
Commands
Windows Commands
Guides
Mac OS Build
Build A Raspberry Pi Dropbox
Configuring Burpsuite Pro
BugBounty
Manual SQL Injection
Courses
Hack The Box
Legacy
Devel
Optimum
Popcorn
Beep
Tenten
Arctic
Cronos
Grandpa
Granny
October
Lazy
Sneaky
Holiday
Blocky
Shrek
Blue
Joker
Europa
Haircut
Bank
SolidState
Mantis
Shocker
Tally
Sense
Jeeves
Stratosphere
Inception
Bashed
Fluxcapacitor
Canape
Rabbit
Chatterbox
Nibbles
Sunday
Aragog
Valentine
Silo
Olympus
Poison
Celestial
Waldo
Jerry
Access
Active
Netmon
Powered by GitBook

Silo

Silo - 10.10.10.82

Target Enumeration:

OS: Windows

IP: 10.10.10.82

User: 92ede778a1cc8d27cb6623055c331617

Root: cd39ea0af657a495e33bc59c7836faf6

Replicating the exploit:

Nmap

Oracle is running so enumerate the users

Download odat to exploit the database

git clone https://github.com/quentinhardy/odat.git

Database is using the default credentials scott\tiger

Set up a meterpreter listener on port 443 (https)

Generate a reverse meterpreter https shell, install ruby dependencies (annoying) and upload your shell.

Now you have a shell, no local privescs work.

Looking in the users desk op directory we found:

Had some weird encoding issues so could not open the link, later found out it was a ‘£’

Testing out the service I saw it was running with system privileges

Elevate to system user with odat and upload a shell to the admins desktop and execute it.

Now you have a system shell.

Hack The Box - Previous
Valentine
Next - Hack The Box
Olympus
Last updated 1 year ago
Contents
Silo - 10.10.10.82
Target Enumeration:
Replicating the exploit: