With mssqlclient.py you can try:

SQL> enable_xp_cmdshell

If you have access to a Microsoft SQL Server, you can try and enable_xp_cmdshell to run commands.

If your password fails, the server might be using "Windows authentication", which you can use with:

mssqlclient.py -windows-auth

You can connect to a Microsoft SQL Server with mssqlclient.py knowing a username and password like so:

NOTE: DEPENDING ON THE VERSION OF SMBCLIENT YOU ARE USING, you may need to SPECIFY the use of S prompt, and you can use ls and get to retrieve files or even put if you need to place files there.

Worth trying localhost as a domain, if that gets "NO_LOGON_SERVERS":

smbmap -H 10.10.10.125 -u anonymous -d localhost

Or you can attempt just:

smbmap -H 10.10.10.125

And you can specify a domain like so:

smbmap -H 10.10.10.125 -u anonymous -d HTB.LOCAL

To try and list shares as the anonymous user DO THIS (this doesn't always work for some weird reason)

Smbmap tells you permissions and access, which smbclient does not do!

If you need to use a program that is not on the box you just broke into, try and build a static binary! I've seen this used on Fatty for HackTheBox, getting a pty with the typical python -c 'import pty.' trick when it didn't have Python originally!

The formal tool that automates some of this low-hanging fruit checking is finally released.

I hope to keep it as a "live document," and ideally it will not die out like the old "tools" page I had made.

This repository, at the time of writing, will just host a listing of tools and commands that may help with CTF challenges.