
Silo


Last updated 6 years ago

Silo - 10.10.10.82

Target Enumeration:

OS: Windows

IP: 10.10.10.82

User: 92ede778a1cc8d27cb6623055c331617

Root: cd39ea0af657a495e33bc59c7836faf6

Replicating the exploit:

Nmap

Oracle is running, so enumerate the users.

Download odat to exploit the database

The database is using the default credentials scott\tiger.

Set up a meterpreter listener on port 443 (https)

Generate a reverse meterpreter https shell, install the Ruby dependencies (annoying) and upload your shell.

Now you have a shell, but no local privescs work.

Looking in the user's desktop directory we found:

Had some weird encoding issues so could not open the link; later found out it was a ‘£’.

Testing out the service, I saw it was running with system privileges.

Elevate to system user with odat and upload a shell to the admin's desktop and execute it.

Now you have a system shell.

git clone https://github.com/quentinhardy/odat.git
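
The foothold above depended on an Oracle account that still had its default password. The audit below is an added example, not part of the original writeup or of odat: it assumes a DBA session on Oracle 11g or later, where the DBA_USERS_WITH_DEFPWD view exists, and uses SCOTT only because that is the account named on this page.

```sql
-- Added example: audit for accounts still using a known default password.
-- Assumption: run as a DBA on Oracle 11g or later.

-- 1. Default-password accounts that are OPEN (able to log in right now).
SELECT u.username,
       u.account_status,
       u.profile,
       u.created
FROM   dba_users_with_defpwd d
       JOIN dba_users u ON u.username = d.username
WHERE  u.account_status = 'OPEN'
ORDER  BY u.username;

-- 2. What those accounts can do: roles and system privileges in one listing.
WITH exposed AS (
    SELECT u.username
    FROM   dba_users_with_defpwd d
           JOIN dba_users u ON u.username = d.username
    WHERE  u.account_status = 'OPEN'
)
SELECT rp.grantee, 'ROLE' AS grant_type, rp.granted_role AS granted, rp.admin_option
FROM   dba_role_privs rp
WHERE  rp.grantee IN (SELECT username FROM exposed)
UNION ALL
SELECT sp.grantee, 'SYSTEM PRIVILEGE', sp.privilege, sp.admin_option
FROM   dba_sys_privs sp
WHERE  sp.grantee IN (SELECT username FROM exposed)
ORDER  BY 1, 2, 3;

-- 3. Remediation for an account that is not needed (SCOTT is a sample schema):
--    lock it and force a password change before it can be used again.
ALTER USER scott ACCOUNT LOCK PASSWORD EXPIRE;
```

An empty result from the first query means no open account is left on a known default password; any row in the second query shows how far such a login would reach inside the database.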