Memory Dump
ps c:\Users\Phineas\Desktop> cat "Oracle issue.txt"
support vendor engaged to troubleshoot windows / oracle performance issue (full memory dump requested):
Dropbox link provided to vendor (and password under separate cover).
Dropbox link
https://www.dropbox.com/sh/69skryzfszb7elq/AADZnQEbbqDoIf5L2d0PBxENa?dl=0
link password:
?%Hm8646uC$
After basic enumeration, a note was discovered at c:\Users\Phineas\Desktop\Oracle issue.txt
It says that a memory dump is available at the attached Dropbox link, along with the link password
Navigating to the link in a browser
Unlocking it with the password from the note:
?%Hm8646uC$
The site reports that the password is not correct
The password was actually:
£%Hm8646uC$
Either the system failed to interpret the special character £ and printed “?” in its place, giving the initial password “?%Hm8646uC$”,
or all of this was intended.
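Added example (not part of the original notes): a short Python sketch of how a non-ASCII byte such as £ can come out as "?" when file bytes pass through a channel that cannot represent it, and how to inspect the raw bytes instead of trusting the rendered text. SAMPLE is a constructed string and the encodings tried are assumptions, not facts about this host.

```python
# Added example: how a non-ASCII character in a text file can surface as "?".
# SAMPLE is constructed; the candidate encodings are assumptions, not facts
# about the target system.

SAMPLE = "£%Example1$"  # constructed stand-in for a secret that starts with "£"
CANDIDATE_ENCODINGS = ("utf-8", "cp1252", "cp437")


def render(raw: bytes, read_as: str, console: str) -> str:
    """Decode file bytes as `read_as`, then push the text through `console`.

    Bytes that are invalid in `read_as` become U+FFFD, and characters the
    console encoding cannot represent become "?".
    """
    text = raw.decode(read_as, errors="replace")
    return text.encode(console, errors="replace").decode(console)


def non_ascii_report(raw: bytes):
    """Return (offset, hex byte, {encoding: character}) for every byte >= 0x80.

    Looking at the byte itself shows which character was really stored,
    independent of what the terminal printed.
    """
    report = []
    for offset, byte in enumerate(raw):
        if byte >= 0x80:
            guesses = {
                enc: bytes([byte]).decode(enc, errors="replace")
                for enc in CANDIDATE_ENCODINGS
            }
            report.append((offset, f"0x{byte:02x}", guesses))
    return report


if __name__ == "__main__":
    on_disk = SAMPLE.encode("cp1252")           # file saved with a single-byte "£"
    print(render(on_disk, "cp1252", "ascii"))   # console cannot show "£"
    print(render(on_disk, "utf-8", "ascii"))    # reader assumed the wrong encoding
    print(render(on_disk, "cp1252", "cp1252"))  # matching encodings keep "£"
    for row in non_ascii_report(on_disk):
        print(row)
```

Both mismatched paths print the same "?", so the rendered text alone cannot tell which character was lost; the byte report can.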
┌──(kali㉿kali)-[~/archive/htb/labs/silo]
└─$ unzip SILO-20180105-221806.zip
archive: SILO-20180105-221806.zip
inflating: SILO-20180105-221806.dmp
I downloaded the zip file and decompressed the archive
┌──(kali㉿kali)-[~/archive/htb/labs/silo]
└─$ file SILO-20180105-221806.dmp
silo-20180105-221806.dmp: MS Windows 64bit crash dump, full dump, 261996 pages
It’s a crash dump with 261996 pages of data.
Forensics time