The part of creating the files using oracle was amazing. If you have all than experience under your belt in all those languages and tools you really rock :D
You prolly dont care but does anybody know a method to get back into an instagram account..? I somehow lost my login password. I would love any assistance you can give me.
@Quincy Kristian I really appreciate your reply. I got to the site on google and im trying it out now. Looks like it's gonna take quite some time so I will reply here later when my account password hopefully is recovered.
Just a note: if you had printed the "Oracle issue.txt" thru the webshell you would have noticed that the special character in the dropbox password is showing well thru the webshell. This means then that all that process to get the special character wouldn't have been needed.
dude you are the best Q - what is your keybaord make and model? sounds awesome !!! reminds me of an old system I had before (sparc system) that have the best keyboard ever.
Error while installing odat. I followed your exact same steps. After I edit the /etc/profile file and load sqlplus 64. I'm getting "Error while loading shared libraries"
I got the error message "command not found" instead, when I tried to run sqlplus64 (like what IppSec did). Not sure why he managed to get it, while I was only able to run sqlplus instead.
Hi, I usually don't tend to comment on UA-cam, but I'll have to say that your channel is really good and has helped me a lot with penetration testing. I'm not as good at penetration testing though, would you have any tips for me to get any better? Thanks in advance, you're amazing.
Can we download HTB machines only after subscribing for VIP members...? In free subscription there is no option to download it seems can anybody suggest.? Is there any machine of HTB which are free and I can use for practice untill I subscribe.. 🤔
Yep I notice that eventually and mention it. Just saw MSF utilize a nmap script and decided to bail and go with something a bit more specialized. Not that anythings wrong with nmap scripts, they just aren't always up to date and no longer work.
Very possible - MSF Didn't say what the default port was and in my head I thought 1512. Odat says "Default 1521", so I didn't even think "what port is oracle?". Realized what happened when I said it out loud. So just a case of me thinking oracle listened on a different port.
ippSec can you help me please? basically I was learning how to hack machines from you so today when i started my linux machine and connected to my VPN i was able to go on 10.10.10.79 and stuff but when i scan ip with curl or nmap it says that host is down , i dont know what happened so please help
read_line only reads one line so you need to create a loop if you want to read the whole file like here: www.dba-oracle.com/t_read_text_file_into_table.htm
Nice work mate, oracle was running on 1521, whereas you set RPORTS as 1512 thats why msf reported as its closed
still doesn't finds out the user and pass
The part of creating the files using oracle was amazing. If you have all than experience under your belt in all those languages and tools you really rock :D
You prolly dont care but does anybody know a method to get back into an instagram account..?
I somehow lost my login password. I would love any assistance you can give me.
@Hayden Enrique instablaster =)
@Quincy Kristian I really appreciate your reply. I got to the site on google and im trying it out now.
Looks like it's gonna take quite some time so I will reply here later when my account password hopefully is recovered.
@Quincy Kristian It worked and I actually got access to my account again. I'm so happy:D
Thank you so much, you really help me out :D
@Hayden Enrique Glad I could help =)
40:19 being yelled at by g0tmi1k sounds like an interesting experience tho lol
It felt a little bit odd when I heard that milk thing while watching but reading the name now makes it more understandable thanks :D
Damn , I hate when I miss to root a box because I’m not familiar with certain tools
i know right! thats why having a lab buddy helps
"got to be over 9000, doesn't have to be, but it's just fun to say" you da man!
Just a note: if you had printed the "Oracle issue.txt" thru the webshell you would have noticed that the special character in the dropbox password is showing well thru the webshell. This means then that all that process to get the special character wouldn't have been needed.
So this is just like writing files into system we do with into_outfile command in mysql right?
🙏 I was waiting for it
Any idea if odata is allowed in the OSCP exams?
dude you are the best Q - what is your keybaord make and model? sounds awesome !!! reminds me of an old system I had before (sparc system) that have the best keyboard ever.
Ducky Zero with Cherry Mx Red i believe.
It's strange that Scott has sysdba permissions, that makes it pretty unrealistic, but thanks for showing all the tools
Lol.. literally just woke up to do this box I started enumerating last night... Didn't know it was about to be retired but that's the way it goes...
Error while installing odat. I followed your exact same steps. After I edit the /etc/profile file and load sqlplus 64. I'm getting "Error while loading shared libraries"
I got the error message "command not found" instead, when I tried to run sqlplus64 (like what IppSec did). Not sure why he managed to get it, while I was only able to run sqlplus instead.
Alternatively you can use docker for odat. hub.docker.com/r/jhertz/odat. Use docker run --net=host -i -t jhertz/odat bash
How did you manage to make metasploit work with oracle?? I was getting an error message, followed every tutorial without any success..
Hmm, why would sid guessing be needed, "lsnctrl service" normally lists them. (System id)
I know other people asked. I am also not sure if I could use ODAT on OSCP. Actually I don't think so... Could anyone confirm?
Dade Murphy, nice one haha
ODAT is allowed in the OSCP exam?
Your resourceful
My meterpreter sessions kept dying just after it says session opened. This happen to any of you guys?
Failed to load the OCI library: cannot load such file -- oci8
[-] Try 'gem install ruby-oci8'
[*] Auxiliary module execution completed
To fix your ruby-oci8 problems, check out the links here forum.hackthebox.eu/discussion/comment/14267#Comment_14267
Thanks
Hi, I usually don't tend to comment on UA-cam, but I'll have to say that your channel is really good and has helped me a lot with penetration testing. I'm not as good at penetration testing though, would you have any tips for me to get any better? Thanks in advance, you're amazing.
Nice
If you right click on the firefox back and forward buttons you can choose how far to go back or forward
Exactly :D
Can we download HTB machines only after subscribing for VIP members...?
In free subscription there is no option to download it seems can anybody suggest.?
Is there any machine of HTB which are free and I can use for practice untill I subscribe.. 🤔
All of the active machines are free, and the last two retired machines are free. That includes this machine Silo until Saturday.
@IppSec you need to improve your vim skill !! I am a bit jealous of your tmux knowledge though :P
If anyone is having errors with running ./odat.py try running it with python3 odat.py
do you solution it? please help me
hi ipp,
how many programing language u know ?
and which one is best for pentesting??
Don't worry about picking "The Best" - Just pick one and learn it. After you learn a few, then you can pick up a new language pretty quickly.
ipp i knocked u on twitter , can u plzzz reply ???
Sir, Can you please tell how to start with pentesting. Any resources , guidelines, fundamentals etc? I will be very thankful to you.
every time i start one a vid comes out
Oh no the box is retired already before I was able to finish it lol.
dbeaver would be a nicer way to connect to Oracle
Yeah, I used that for Manits. Mainly wanted to just show SQLPlus64 and the "as sysdba" flag as dbeaver makes it a radio button.
Port is closed because you mistyped it
Yep I notice that eventually and mention it. Just saw MSF utilize a nmap script and decided to bail and go with something a bit more specialized. Not that anythings wrong with nmap scripts, they just aren't always up to date and no longer work.
tho you said you were getting the same thing before. Did you for real mistype it twice or even more times lel?
Very possible - MSF Didn't say what the default port was and in my head I thought 1512. Odat says "Default 1521", so I didn't even think "what port is oracle?". Realized what happened when I said it out loud. So just a case of me thinking oracle listened on a different port.
ippSec can you help me please? basically I was learning how to hack machines from you so today when i started my linux machine and connected to my VPN i was able to go on 10.10.10.79 and stuff but when i scan ip with curl or nmap it says that host is down , i dont know what happened so please help
cant sub anymore. i swear i would, already did on 2 dif devices, acounts
read_line only reads one line so you need to create a loop if you want to read the whole file like here: www.dba-oracle.com/t_read_text_file_into_table.htm
1521