Ya that's a good idea, thanks!
but r u sure it will work even if MSSQL db has no direct internet
connection? will it be able to route db telnet request to my metasploit
system through vulnerable application?
On Sat, May 25, 2013 at 11:33 AM, Brandon Perry
<bperry.volat...@gmail.com>wrote:
> Open a multi/handler serving up a basic reverse shell in Metasploit and
> telnet into it using the os-shell. Then upgrade the session with sessions
> -u.
>
>
> On Sat, May 25, 2013 at 12:55 AM, Alok Kumar <alok.members...@gmail.com>wrote:
>
>> Hello friends,
>> I desperately need your help in my post exploitation phase.
>>
>> After exploiting the sql injection(time-based) vulnerability using
>> sqlmap, I got OS-Shell> of compromised database server, however I failed to
>> inject meterpreter with an error stating that injection failed due to
>> Antivirus..bla..bla..
>>
>> I didn't tried VNC yet, but my prediction is it may fail as well.
>>
>> Also my assumption is the compromised database configured to communicate
>> with application server on LAN IP and has no public facing internet
>> configuration, means no direct internet access.
>>
>> OS-Shell> response is very slow, it takes 4-8 hours to respond to simple
>> command like "net user" :(
>>
>> Now in this situation can we deploy and create some tunnel to database,
>> which is faster and give quick response to further probing such as scan the
>> internal of their network?
>>
>> (Fyi, this is an ongoing authorized penetration test exercise)
>>
>>
>> kindly HELP
>>
>>
>> Regards,
>> Alok
>>
>>
>> ------------------------------------------------------------------------------
>> Try New Relic Now & We'll Send You this Cool Shirt
>> New Relic is the only SaaS-based application performance monitoring
>> service
>> that delivers powerful full stack analytics. Optimize and monitor your
>> browser, app, & servers with just a few lines of code. Try New Relic
>> and get this awesome Nerd Life shirt!
>> http://p.sf.net/sfu/newrelic_d2d_may
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
