No it doesn't work that way.
On Sat, May 25, 2013 at 1:08 AM, Alok Kumar <alok.members...@gmail.com>wrote:
> Ya that's a good idea, thanks!
> but r u sure it will work even if MSSQL db has no direct internet
> connection? will it be able to route db telnet request to my metasploit
> system through vulnerable application?
>
>
> On Sat, May 25, 2013 at 11:33 AM, Brandon Perry <bperry.volat...@gmail.com
> > wrote:
>
>> Open a multi/handler serving up a basic reverse shell in Metasploit and
>> telnet into it using the os-shell. Then upgrade the session with sessions
>> -u.
>>
>>
>> On Sat, May 25, 2013 at 12:55 AM, Alok Kumar
>> <alok.members...@gmail.com>wrote:
>>
>>> Hello friends,
>>> I desperately need your help in my post exploitation phase.
>>>
>>> After exploiting the sql injection(time-based) vulnerability using
>>> sqlmap, I got OS-Shell> of compromised database server, however I failed to
>>> inject meterpreter with an error stating that injection failed due to
>>> Antivirus..bla..bla..
>>>
>>> I didn't tried VNC yet, but my prediction is it may fail as well.
>>>
>>> Also my assumption is the compromised database configured to communicate
>>> with application server on LAN IP and has no public facing internet
>>> configuration, means no direct internet access.
>>>
>>> OS-Shell> response is very slow, it takes 4-8 hours to respond to simple
>>> command like "net user" :(
>>>
>>> Now in this situation can we deploy and create some tunnel to database,
>>> which is faster and give quick response to further probing such as scan the
>>> internal of their network?
>>>
>>> (Fyi, this is an ongoing authorized penetration test exercise)
>>>
>>>
>>> kindly HELP
>>>
>>>
>>> Regards,
>>> Alok
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Try New Relic Now & We'll Send You this Cool Shirt
>>> New Relic is the only SaaS-based application performance monitoring
>>> service
>>> that delivers powerful full stack analytics. Optimize and monitor your
>>> browser, app, & servers with just a few lines of code. Try New Relic
>>> and get this awesome Nerd Life shirt!
>>> http://p.sf.net/sfu/newrelic_d2d_may
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>
>
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
