HackTheBox - Silo

  • Published 29 Oct 2024

COMMENTS • 63

  • @MrBigcherish
    @MrBigcherish 6 years ago +20

    Nice work mate, oracle was running on 1521, whereas you set RPORTS as 1512, that's why msf reported it as closed

    • @xt355
      @xt355 3 months ago

      still doesn't find out the user and pass

  • @desktopt328
    @desktopt328 4 years ago +2

    The part of creating the files using oracle was amazing. If you have all that experience under your belt in all those languages and tools you really rock :D

  • @RuLythC
    @RuLythC 6 years ago +5

    40:19 being yelled at by g0tmi1k sounds like an interesting experience tho lol

    • @desktopt328
      @desktopt328 4 years ago

      It felt a little bit odd when I heard that milk thing while watching but reading the name now makes it more understandable thanks :D

  • @adnentrimech7958
    @adnentrimech7958 6 years ago +15

    Damn, I hate when I miss to root a box because I’m not familiar with certain tools

    • @tejaszarekar9145
      @tejaszarekar9145 5 years ago +3

      I know right! That's why having a lab buddy helps

  • @m3lk0r83
    @m3lk0r83 6 years ago

    "got to be over 9000, doesn't have to be, but it's just fun to say" you da man!

  • @blcksmith
    @blcksmith 4 years ago +5

    Just a note: if you had printed the "Oracle issue.txt" thru the webshell you would have noticed that the special character in the dropbox password is showing well thru the webshell. This means then that all that process to get the special character wouldn't have been needed.

  • @westernvibes1267
    @westernvibes1267 4 years ago +1

    So this is just like writing files into system we do with into_outfile command in mysql right?

  • @ravuga
    @ravuga 6 years ago

    🙏 I was waiting for it

  • @martialartness
    @martialartness 5 years ago +1

    Any idea if odata is allowed in the OSCP exams?

  • @jameslee6284
    @jameslee6284 2 years ago

    dude you are the best Q - what is your keyboard make and model? sounds awesome !!! reminds me of an old system I had before (sparc system) that had the best keyboard ever.

    • @ippsec
      @ippsec 2 years ago +1

      Ducky Zero with Cherry Mx Red i believe.

  • @berndeckenfels
    @berndeckenfels 4 years ago +1

    It's strange that Scott has sysdba permissions, that makes it pretty unrealistic, but thanks for showing all the tools

  • @pwn3d_d1rt
    @pwn3d_d1rt 6 years ago

    Lol.. literally just woke up to do this box I started enumerating last night... Didn't know it was about to be retired but that's the way it goes...

  • @arunjanardhanan8584
    @arunjanardhanan8584 6 years ago +2

    Error while installing odat. I followed your exact same steps. After I edit the /etc/profile file and load sqlplus 64. I'm getting "Error while loading shared libraries"

    • @horizonholt8522
      @horizonholt8522 4 years ago

      I got the error message "command not found" instead, when I tried to run sqlplus64 (like what IppSec did). Not sure why he managed to get it, while I was only able to run sqlplus instead.

    • @intellectualgravy9796
      @intellectualgravy9796 4 years ago

      Alternatively you can use docker for odat. hub.docker.com/r/jhertz/odat. Use docker run --net=host -i -t jhertz/odat bash

  • @vayero
    @vayero 6 years ago

    How did you manage to make metasploit work with oracle?? I was getting an error message, followed every tutorial without any success..

  • @berndeckenfels
    @berndeckenfels 4 years ago

    Hmm, why would sid guessing be needed, "lsnctrl service" normally lists them. (System id)

  • @susnoname
    @susnoname 3 years ago

    I know other people asked. I am also not sure if I could use ODAT on OSCP. Actually I don't think so... Could anyone confirm?

  • @flrn84791
    @flrn84791 5 years ago

    Dade Murphy, nice one haha

  • @darkmanker
    @darkmanker 8 months ago

    ODAT is allowed in the OSCP exam?

  • @boyangzhang8159
    @boyangzhang8159 4 years ago

    You're resourceful

  • @shankaranarayana4825
    @shankaranarayana4825 4 years ago

    My meterpreter sessions kept dying just after it says session opened. This happen to any of you guys?

  • @Ankitkumar-vn7mu
    @Ankitkumar-vn7mu 6 years ago

    Failed to load the OCI library: cannot load such file -- oci8
    [-] Try 'gem install ruby-oci8'
    [*] Auxiliary module execution completed

    • @randymann2956
      @randymann2956 6 years ago

      To fix your ruby-oci8 problems, check out the links here forum.hackthebox.eu/discussion/comment/14267#Comment_14267

  • @kalidsherefuddin
    @kalidsherefuddin 1 year ago

    Thanks

  • @rustyshackleford8807
    @rustyshackleford8807 6 years ago

    Hi, I usually don't tend to comment on YouTube, but I'll have to say that your channel is really good and has helped me a lot with penetration testing. I'm not as good at penetration testing though, would you have any tips for me to get any better? Thanks in advance, you're amazing.

  • @thomas.n.jordan5093
    @thomas.n.jordan5093 6 years ago

    Nice

  • @RowanSheridan
    @RowanSheridan 6 years ago +2

    If you right click on the firefox back and forward buttons you can choose how far to go back or forward

  • @skyone9237
    @skyone9237 6 years ago

    Can we download HTB machines only after subscribing for VIP members...?
    In free subscription there is no option to download it seems, can anybody suggest?
    Is there any machine of HTB which is free and I can use for practice until I subscribe.. 🤔

    • @ippsec
      @ippsec 6 years ago

      All of the active machines are free, and the last two retired machines are free. That includes this machine Silo until Saturday.

  • @andreas3578
    @andreas3578 3 years ago +1

    @IppSec you need to improve your vim skill !! I am a bit jealous of your tmux knowledge though :P

  • @sid886
    @sid886 4 years ago +1

    If anyone is having errors with running ./odat.py try running it with python3 odat.py

    • @a7madali354
      @a7madali354 4 years ago

      do you solution it? please help me

  • @oxovi
    @oxovi 6 years ago

    hi ipp,
    how many programing language u know ?
    and which one is best for pentesting??

    • @ippsec
      @ippsec 6 years ago +3

      Don't worry about picking "The Best" - Just pick one and learn it. After you learn a few, then you can pick up a new language pretty quickly.

    • @oxovi
      @oxovi 6 years ago

      ipp i knocked u on twitter , can u plzzz reply ???

  • @muhammadzeeshankhan4947
    @muhammadzeeshankhan4947 6 years ago

    Sir, Can you please tell how to start with pentesting. Any resources , guidelines, fundamentals etc? I will be very thankful to you.

  • @adamziane
    @adamziane 6 years ago

    every time i start one a vid comes out

  • @arturolim718
    @arturolim718 6 years ago

    Oh no the box is retired already before I was able to finish it lol.

  • @fsacer
    @fsacer 6 years ago +1

    dbeaver would be a nicer way to connect to Oracle

    • @ippsec
      @ippsec 6 years ago +3

      Yeah, I used that for Mantis. Mainly wanted to just show SQLPlus64 and the "as sysdba" flag as dbeaver makes it a radio button.

  • @user-hj3nf6xf6u
    @user-hj3nf6xf6u 6 years ago +3

    Port is closed because you mistyped it

    • @ippsec
      @ippsec 6 years ago

      Yep I notice that eventually and mention it. Just saw MSF utilize a nmap script and decided to bail and go with something a bit more specialized. Not that anything's wrong with nmap scripts, they just aren't always up to date and no longer work.

    • @user-hj3nf6xf6u
      @user-hj3nf6xf6u 6 years ago

      tho you said you were getting the same thing before. Did you for real mistype it twice or even more times lel?

    • @ippsec
      @ippsec 6 years ago

      Very possible - MSF Didn't say what the default port was and in my head I thought 1512. Odat says "Default 1521", so I didn't even think "what port is oracle?". Realized what happened when I said it out loud. So just a case of me thinking oracle listened on a different port.

  • @არვიცი
    @არვიცი 6 years ago

    ippSec can you help me please? basically I was learning how to hack machines from you so today when i started my linux machine and connected to my VPN i was able to go on 10.10.10.79 and stuff but when i scan ip with curl or nmap it says that host is down , i dont know what happened so please help

  • @eseseis7251
    @eseseis7251 4 years ago

    cant sub anymore. i swear i would, already did on 2 dif devices, acounts

  • @firefart
    @firefart 6 years ago

    read_line only reads one line so you need to create a loop if you want to read the whole file like here: www.dba-oracle.com/t_read_text_file_into_table.htm

  • @oussamaaksbi7728
    @oussamaaksbi7728 3 years ago +1

    1521