HackTheBox - Silo

IppSec · Beginner ·🔐 Cybersecurity ·7y ago

Key Takeaways

Installs and uses SQLPlus and ODAT to bruteforce Oracle Database credentials on a HackTheBox machine

Original Description

01:30 - Begin of recon 03:15 - Begin of installing SQLPlus and ODAT (Oracle Database Attack Tool) 08:45 - Bruteforcing the SID with ODAT 10:15 - Holy crap, this is slow lets also do it with Metasploit 13:00 - Bruteforcing valid logins with ODAT 16:00 - Credentials returned, logging into Oracle with SQLPlus as SysDBA 19:00 - Reading files from disk via Oracle 23:20 - Writing files to disk from Oracle. Testing it in WebRoot Directory 25:52 - File Written, lets write an ASPX WebShell to the Server 29:10 - WebShell Working! Lets get a Reverse Shell 31:28 - Reverse Shell Returned 32:24 - Finding a DropBox link, but password doesn't display well. 33:55 - Attempting to copy file via SMB to view UTF8 Text 35:18 - That didn't work, lets transfer the file by encoding it in Base64. 36:55 - Got the password lets download the dump! 39:10 - Begin of Volatility 45:20 - Running the HashDump plugin from volatilty then PassTheHash with Administrator's NTLM! ### Box Done 47:35 - Begin of unintended way, examining odat and uploading an meterpreter exe 50:30 - Using odat externaltable to execute meterpreter and get a system shell! 52:20 - Examining odat verbosity flag to see what commands it runs and try to learn.
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 51 of 60

1 HHC2016 - Analytics
HHC2016 - Analytics
IppSec
2 HackTheBox - October
HackTheBox - October
IppSec
3 HackTheBox - Arctic
HackTheBox - Arctic
IppSec
4 HackTheBox - Brainfuck
HackTheBox - Brainfuck
IppSec
5 HackTheBox - Bank
HackTheBox - Bank
IppSec
6 HackTheBox - Joker
HackTheBox - Joker
IppSec
7 HackTheBox - Lazy
HackTheBox - Lazy
IppSec
8 Camp CTF 2015 - Bitterman
Camp CTF 2015 - Bitterman
IppSec
9 HackTheBox - Devel
HackTheBox - Devel
IppSec
10 Reversing Malicious Office Document (Macro) Emotet(?)
Reversing Malicious Office Document (Macro) Emotet(?)
IppSec
11 HackTheBox - Granny and Grandpa
HackTheBox - Granny and Grandpa
IppSec
12 HackTheBox - Pivoting Update: Granny and Grandpa
HackTheBox - Pivoting Update: Granny and Grandpa
IppSec
13 HackTheBox - Optimum
HackTheBox - Optimum
IppSec
14 HackTheBox - Charon
HackTheBox - Charon
IppSec
15 HackTheBox - Sneaky
HackTheBox - Sneaky
IppSec
16 HackTheBox - Holiday
HackTheBox - Holiday
IppSec
17 HackTheBox - Europa
HackTheBox - Europa
IppSec
18 Introduction to tmux
Introduction to tmux
IppSec
19 HackTheBox - Blocky
HackTheBox - Blocky
IppSec
20 HackTheBox - Nineveh
HackTheBox - Nineveh
IppSec
21 HackTheBox - Jail
HackTheBox - Jail
IppSec
22 HackTheBox - Blue
HackTheBox - Blue
IppSec
23 HackTheBox - Calamity
HackTheBox - Calamity
IppSec
24 HackTheBox - Shrek
HackTheBox - Shrek
IppSec
25 HackTheBox - Mirai
HackTheBox - Mirai
IppSec
26 HackTheBox - Shocker
HackTheBox - Shocker
IppSec
27 HackTheBox - Mantis
HackTheBox - Mantis
IppSec
28 HackTheBox - Node
HackTheBox - Node
IppSec
29 HackTheBox - Kotarak
HackTheBox - Kotarak
IppSec
30 HackTheBox - Enterprise
HackTheBox - Enterprise
IppSec
31 HackTheBox - Sense
HackTheBox - Sense
IppSec
32 HackTheBox - Minion
HackTheBox - Minion
IppSec
33 VulnHub - Sokar
VulnHub - Sokar
IppSec
34 VulnHub - Pinkys Palace v2
VulnHub - Pinkys Palace v2
IppSec
35 HackTheBox - Inception
HackTheBox - Inception
IppSec
36 Vulnhub - Trollcave 1.2
Vulnhub - Trollcave 1.2
IppSec
37 HackTheBox - Ariekei
HackTheBox - Ariekei
IppSec
38 HackTheBox - Flux Capacitor
HackTheBox - Flux Capacitor
IppSec
39 HackTheBox - Jeeves
HackTheBox - Jeeves
IppSec
40 HackTheBox - Tally
HackTheBox - Tally
IppSec
41 HackTheBox - CrimeStoppers
HackTheBox - CrimeStoppers
IppSec
42 HackTheBox - Fulcrum
HackTheBox - Fulcrum
IppSec
43 HackTheBox - Chatterbox
HackTheBox - Chatterbox
IppSec
44 HackTheBox - Falafel
HackTheBox - Falafel
IppSec
45 How To Create Empire Modules
How To Create Empire Modules
IppSec
46 HackTheBox - Nightmare
HackTheBox - Nightmare
IppSec
47 HackTheBox - Nightmarev2  - Speed Run/Unintended Solutions
HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions
IppSec
48 HackTheBox - Bart
HackTheBox - Bart
IppSec
49 HackTheBox -  Aragog
HackTheBox - Aragog
IppSec
50 HackTheBox - Valentine
HackTheBox - Valentine
IppSec
HackTheBox - Silo
HackTheBox - Silo
IppSec
52 HackTheBox - Rabbit
HackTheBox - Rabbit
IppSec
53 HackTheBox - Celestial
HackTheBox - Celestial
IppSec
54 HackTheBox - Stratosphere
HackTheBox - Stratosphere
IppSec
55 HackTheBox - Poison
HackTheBox - Poison
IppSec
56 HackTheBox - Canape
HackTheBox - Canape
IppSec
57 HackTheBox - Olympus
HackTheBox - Olympus
IppSec
58 HackTheBox - Sunday
HackTheBox - Sunday
IppSec
59 HackTheBox - Fighter
HackTheBox - Fighter
IppSec
60 HackTheBox - Bounty
HackTheBox - Bounty
IppSec

Related Reads

📰
Windows OLE Zero-Click RCE Exploitation Detected (CVE-2025–21298) — LetsDefend SOC Simulator
Learn about the Windows OLE zero-click RCE exploitation and how to detect it, which is crucial for cybersecurity professionals to protect against remote code execution attacks
Medium · Cybersecurity
📰
Cybercrime Enforcement Strengthens Amidst Web3 Development Buzz and Market Caution
Cybercrime enforcement is strengthening as Web3 development advances, despite market caution, and here's how you can stay informed and protected
Dev.to AI
📰
The “Perfect” Codebase That Made Me Stop and Think (Hacking attempt)
Learn from a developer's experience with a surprisingly secure codebase that was actually a hacking attempt, and why it matters for cybersecurity awareness
Medium · Cybersecurity
📰
Onion Signals
Onion links reveal insights into privacy, trust, and the unindexed internet, and why they matter for cybersecurity
Medium · Cybersecurity

Chapters (20)

1:30 Begin of recon
3:15 Begin of installing SQLPlus and ODAT (Oracle Database Attack Tool)
8:45 Bruteforcing the SID with ODAT
10:15 Holy crap, this is slow lets also do it with Metasploit
13:00 Bruteforcing valid logins with ODAT
16:00 Credentials returned, logging into Oracle with SQLPlus as SysDBA
19:00 Reading files from disk via Oracle
23:20 Writing files to disk from Oracle. Testing it in WebRoot Directory
25:52 File Written, lets write an ASPX WebShell to the Server
29:10 WebShell Working! Lets get a Reverse Shell
31:28 Reverse Shell Returned
32:24 Finding a DropBox link, but password doesn't display well.
33:55 Attempting to copy file via SMB to view UTF8 Text
35:18 That didn't work, lets transfer the file by encoding it in Base64.
36:55 Got the password lets download the dump!
39:10 Begin of Volatility
45:20 Running the HashDump plugin from volatilty then PassTheHash with Administrator
47:35 Begin of unintended way, examining odat and uploading an meterpreter exe
50:30 Using odat externaltable to execute meterpreter and get a system shell!
52:20 Examining odat verbosity flag to see what commands it runs and try to learn.
Up next
Best VPN For China 2026 — Which One Actually Works?
Tutorial Stack
Watch →