Silo Box Writeup & Walkthrough – [HTB] – HackTheBox
This article shows how to hack Silo box and obtain both user.txt and root.txt by using Kali Linux.
Silo is a machine on the HackTheBox Platform.
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated.
This article shows how to hack Silo box and gain user.txt and root.txt.
First, I execute the following command to scan the Silo box IP address to obtain open ports and see if there are any weak services.
As the screenshot shown above, there are several open ports. I then go to check them one by one.
The HTTP service (IIS) is running on the box, and I start on this service first. Open browser, and then navigate to the website (http://10.10.10.82).
The webpage is a default IIS Webpage. I assume that the web service is just a rabbit hole, however, just in case, I use
dirb to enumerate the web folder and see what I can find.
Unluckily, I do not find anything interesting. Therefore, I move to the next service.
For attacking these services, I use metasploit, but, after my testing, there is no vulnerability on these services. It is another rabbit hole. I then move to the Oracle Database.
For hacking Oracle database, I use this tool: ODat
You may have to spend few hours for installing this tool on your Kali Linux. However, after installed it, everything would be easy.
After installed ODat, the next step is that I need to obtain a valid credential. There are some Oracle Database default credentials.
After verifying, I obtain a valid default credential:
Then, I run the following command to obtain root.txt:
Get User.txt is a little difficult. First, I need to write a bat script to list users folder to figure out the username. (Another way is to run command
net user to identify username)
I create a new file, name is 1.bat, and then insert the following content:
dir /a c:\users\
Then, we use the following command to upload the file and run the bat script.
Then, we ran the command to get the list of user folder, and we got the username:
Yay! I obtain the username “Phineas”. Then, I can use the same way to get the user.txt. (The command is similar with reading root.txt, just need to change the location to C:/Users/Phineas/Desktop/user.txt)
In general, it is an easy. The most difficult part is to install ODat and understand/learn some basic knowledge regarding the Oracle Database. Then, I spent a few hours to install the tool and just spent about 10 mins to root it.
There is my another write-up of Aragog Box.