After a late night session, I just took down Oracle! It was an easy one, but it took some time as I got stuck on working on an exploit that I eventually didn’t use in favour of a different one.
Some thoughts…
- Don’t only check Exploit-DB, look at Github as well for exploits.
- Sometimes exploits can only be run once, if you mess up, you have to revert
- Remember that 4444 won’t always be allowed out of the targets firewall
- There some issues when running a python script I ‘wget’ from Exploit-DB. Turns out the line breaks were not formatted correctly for Linux. A simple ‘dos2unix’ command fixed this. https://en.wikipedia.org/wiki/Unix2dos
- Make sure you’re running python scripts using python, not bash!
Days left: 48
Rooted: Oracle, Payday, Hotline, Alice, Bob, Beta, Leftturn, Master, Dotty, Pheonix