In order to test availability of the service just add /webdav to the root of the webserver. For the purposes of this instance our target will be named:

Therefore the test for the attack on our target will be:

The webdav share has default credentials which are:

We use cadaver since we are on Linux (on Windows there are a couple of webdav tools too) to log in and then use the put command to upload a shell. If behind a proxy, add -p and specify the proxy:port. It will ask for credentials; input the default ones given above.

Once logged in, the response in the console will be as below:

We next check that we are logged in to the right resource using pwd (Print Working Directory).

Next we need to upload our shell in order to ensure that we can see the files in the webroot and manage databases locally. This will vary based on the shell you use. Some, like c99, devil shell etc., are detected by antiviruses due to unsafe methods. You can write your own shell or get an alternative if this is the case.

To upload a shell we use the put command inside the dav console. Mine is as below:

dav:/webdav/> put /home/alienwithin/shells/alien-shell.php
Uploading /home/alienwithin/shells/alien-shell.php to `/webdav/alien-shell.php`

Let's access our shell; it's now located at:

Now to complete the application heist we move up one directory into htdocs; the hard work is done.

My target is using MSSQL as the DBMS instead of the regular MySQL, and PHP for the coding language. MSSQL is not as easy to back up as MySQL, but it is not impossible. We need to prove that the heist is possible.

So I find the credentials in a file called config.php:

$this->sqlpw = 'pass123*' # mssql password
$this->sqldb = 'bankingsystem' # mssql database

Since we are dealing with MSSQL databases, it is good to use adminer.php, which I upload using the webdav share, and log in using the credentials above.

In order to back up we need to find the location of all databases, so to create backup files we run a query in adminer:

SELECT name, physical_name AS current_file_location FROM sys.master_files

name      current_file_location
Master    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\master.mdf
Mastlog   C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\mastlog.ldf
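The upload step in this walkthrough (a PUT of a PHP file into /webdav, followed by a request for that file) leaves a recognisable trace in the web server's access log. The following is an added example, not part of the original post, that flags that pattern; it assumes Apache common/combined log format, and the sample log lines, IP addresses, user names and extension list are constructed for illustration.

```python
import re

# Prefix of an Apache common/combined log line:
# ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Extensions the server would execute instead of serving as static content (assumed list).
EXEC_EXT = re.compile(r'\.(php\d?|phtml|phar|asp|aspx|jsp)$', re.IGNORECASE)

# Constructed sample log; names and addresses are placeholders.
SAMPLE_LOG = """
203.0.113.7 - davuser [12/Mar/2024:10:01:02 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 1024
203.0.113.7 - davuser [12/Mar/2024:10:01:40 +0000] "PUT /webdav/alien-shell.php HTTP/1.1" 201 0
203.0.113.7 - - [12/Mar/2024:10:02:05 +0000] "GET /webdav/alien-shell.php?dir=.. HTTP/1.1" 200 5120
198.51.100.9 - editor [12/Mar/2024:11:00:00 +0000] "PUT /webdav/notes.txt HTTP/1.1" 201 0
"""

def find_webdav_script_uploads(lines, dav_prefix="/webdav/"):
    """Return one finding per script written via WebDAV PUT, plus later fetches of it."""
    findings = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or malformed line
        path = m["path"].split("?", 1)[0]
        key = path.lower()  # Windows web roots are case-insensitive
        status = int(m["status"])
        if not key.startswith(dav_prefix) or not EXEC_EXT.search(key):
            continue
        if m["method"] == "PUT" and status in (201, 204):
            # 201 = new file created, 204 = existing file overwritten
            findings.setdefault(key, {
                "path": path, "uploader_ip": m["ip"], "dav_user": m["user"],
                "uploaded_at": m["ts"], "executed": [],
            })
        elif m["method"] in ("GET", "POST") and status == 200 and key in findings:
            # The uploaded script was requested afterwards, so it likely ran.
            findings[key]["executed"].append((m["ts"], m["ip"], m["method"]))
    return list(findings.values())

if __name__ == "__main__":
    for f in find_webdav_script_uploads(SAMPLE_LOG.splitlines()):
        print(f"ALERT {f['path']} uploaded by {f['dav_user']}@{f['uploader_ip']} "
              f"at {f['uploaded_at']}; later requests: {len(f['executed'])}")
```

A finding with a non-empty executed list is the higher-priority case. The underlying fixes are to change or remove the default WebDAV credentials and to stop the server executing scripts from the WebDAV directory.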