If that DOES succeed, you can now run commands like:

    SQL> xp_cmdshell whoami

With mssqlclient.py you can try:

    SQL> enable_xp_cmdshell

If you have access to a Microsoft SQL Server, you can try and enable_xp_cmdshell to run commands.

If your password fails, the server might be using "Windows authentication", which you can use with:

    mssqlclient.py -windows-auth

You can connect to a Microsoft SQL Server with mssqlclient.py knowing a username and password like so:

NOTE: DEPENDING ON THE VERSION OF SMBCLIENT YOU ARE USING, you may need to SPECIFY the use of S prompt, and you can use ls and get to retrieve files or even put if you need to place files there.

Worth trying localhost as a domain, if that gets "NO_LOGON_SERVERS":

    smbmap -H 10.10.10.125 -u anonymous -d localhost

Or you can attempt just:

    smbmap -H 10.10.10.125

And you can specify a domain like so:

    smbmap -H 10.10.10.125 -u anonymous -d HTB.LOCAL

To try and list shares as the anonymous user DO THIS (this doesn't always work for some weird reason)

Smbmap tells you permissions and access, which smbclient does not do!

If you need to use a program that is not on the box you just broke into, try and build a static binary! I've seen this used on Fatty for HackTheBox, getting a pty with the typical python -c 'import pty.' trick when it didn't have Python originally!

The formal tool that automates some of this low-hanging fruit checking is finally released.

I hope to keep it as a "live document," and ideally it will not die out like the old "tools" page I had made ( ).

This repository, at the time of writing, will just host a listing of tools and commands that may help with CTF challenges.