Need some help with the first question in the Attacking SQL database.
I have no clue how to get the mssql password. I have looked at all the db’s and I do not have access to the flagDB or hmaildb. Have no clue how to move forward on this section. Any help would be appreciated.
Try sqsh (doesn’t work on pwnbox so VPN on own Liux machine), that did the trick for me. I always hate it when you get sidetracked with unclear ‘execution’ things but if you have the right password it should work.
Bro, I am lost haha… I think i am over looking something here. Would yall be able to give me another nugget? I have tried looking through the db however, I am unable to find the users table. However, I have found
1> SELECT * FROM syslogins
SELECT name, password FROM master…syslogins
however, I am unable to find much of use. I have tried enum the other ports and I might be missing something throughout the ports.
I will be looking into RDP. Hopefully I find something?
Check impacket mssqlclient, esp the command help once you’re connected. It has some nice added functionalities / shortcuts for most of the techniques taught in this chapter (easy activation of xp_cmdshell, enumeration of users that you can impersonate, links, etc.).