- Direct and reverse bindshell, both TCP and UDP
- TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network
- Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
- Creation of a custom xp_cmdshell if the original one has been removed
- Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)
- Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)