Silo Box Writeup & Walkthrough – [HTB] – HackTheBox

This article shows how to hack Silo box and obtain both user.txt and root.txt by using Kali Linux.
Introduction
Silo is a machine on the HackTheBox Platform.
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated.
This article shows how to hack Silo box and gain user.txt and root.txt.
Enumeration
First, I run the following command to scan the Silo box IP address, list its open ports, and look for any weak services.

As the screenshot above shows, there are several open ports. I then check them one by one.
Hack Silo Box
Silo Box HTTP Service
The HTTP service (IIS) is running on the box, and I start with this service. I open a browser and navigate to the website (http://10.10.10.82).

The webpage is the default IIS page. I assume the web service is just a rabbit hole; however, just in case, I use dirb to enumerate the web folders and see what I can find.

Unluckily, I do not find anything interesting. Therefore, I move to the next service.
Attack 135, 139 & 445 ports
I use Metasploit against these services, but my testing finds no vulnerability in them. It is another rabbit hole, so I move on to the Oracle database.
Obtain root.txt
To attack the Oracle database, I use this tool: ODat.
You may have to spend a few hours installing this tool on your Kali Linux. However, once it is installed, everything is easy.
After installing ODat, the next step is to obtain a valid credential. Oracle databases ship with a number of well-known default credentials.

After verifying, I obtain a valid default credential:
Username: scott
Password: tiger
Then, I run the following command to obtain root.txt:

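The box falls to a vendor default account, so the check a DBA would most want is the one below. It is an added example, not part of the write-up or of ODat: Oracle SQL run as a DBA that lists open accounts still using a default password (the SCOTT/tiger sample schema the write-up logs in with is exactly what it reports), shows what that account has been granted, and then locks it. The view DBA_USERS_WITH_DEFPWD exists in Oracle 11g and later.

```sql
-- Added example (not from the write-up): audit an Oracle instance for accounts that
-- still use a vendor default password, such as SCOTT/tiger. Run as a DBA, 11g or later.

-- 1. Open accounts whose current password matches a known default.
SELECT d.username,
       u.account_status,
       u.profile,
       u.created
  FROM dba_users_with_defpwd d
  JOIN dba_users u ON u.username = d.username
 WHERE u.account_status NOT LIKE '%LOCKED%'
 ORDER BY d.username;

-- 2. What an exposed account can do: roles and system privileges granted to SCOTT.
--    A demo schema should show little more than CONNECT/RESOURCE; anything beyond
--    that widens what a default-credential login can reach.
SELECT 'ROLE' AS kind, granted_role AS name
  FROM dba_role_privs
 WHERE grantee = 'SCOTT'
UNION ALL
SELECT 'SYSPRIV', privilege
  FROM dba_sys_privs
 WHERE grantee = 'SCOTT'
 ORDER BY 1, 2;

-- 3. Remediation: the sample schema is not needed on a production listener.
--    Lock it and expire the password; drop it entirely if nothing depends on it.
ALTER USER scott ACCOUNT LOCK PASSWORD EXPIRE;
```

Repeat step 3 for every row that step 1 returns, or set a custom password where the account is genuinely in use.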
Obtain user.txt
Getting user.txt is a little more difficult. First, I need to write a bat script that lists the Users folder to figure out the username. (Another way is to run the command net user to identify the username.)
I create a new file named 1.bat and insert the following content:
dir /a c:\users\

Then, we use the following command to upload the file and run the bat script.
Then, we run the command to get the list of user folders, and we get the username:

Yay! I obtain the username “Phineas”. Then, I can use the same method to get user.txt. (The command is similar to the one for reading root.txt; I just need to change the location to C:/Users/Phineas/Desktop/user.txt.)

Summary
In general, it is an easy box. The most difficult part is installing ODat and learning some basics about the Oracle Database. I spent a few hours installing the tool and only about 10 minutes rooting the box.
Here is my other write-up, on the Aragog box.