Re: [sqlmap-users] Deploy&Create SSH/tunnel with compromised MSSQL server

Fri, 24 May 2013 23:03:31 -0700 

Open a multi/handler serving up a basic reverse shell in Metasploit and
telnet into it using the os-shell. Then upgrade the session with sessions
-u.


On Sat, May 25, 2013 at 12:55 AM, Alok Kumar <alok.members...@gmail.com>wrote:

> Hello friends,
> I desperately need your help in my post exploitation phase.
>
> After exploiting the sql injection(time-based) vulnerability using sqlmap,
> I got OS-Shell> of compromised database server, however I failed to inject
> meterpreter with an error stating that injection failed due to
> Antivirus..bla..bla..
>
> I didn't tried VNC yet, but my prediction is it may fail as well.
>
> Also my assumption is the compromised database configured to communicate
> with application server on LAN IP and has no public facing internet
> configuration, means no direct internet access.
>
> OS-Shell> response is very slow, it takes 4-8 hours to respond to simple
> command like "net user" :(
>
> Now in this situation can we deploy and create some tunnel to database,
> which is faster and give quick response to further probing such as scan the
> internal of their network?
>
> (Fyi, this is an ongoing authorized penetration test exercise)
>
>
> kindly HELP
>
>
> Regards,
> Alok
>
>
> ------------------------------------------------------------------------------
> Try New Relic Now & We'll Send You this Cool Shirt
> New Relic is the only SaaS-based application performance monitoring service
> that delivers powerful full stack analytics. Optimize and monitor your
> browser, app, & servers with just a few lines of code. Try New Relic
> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to