HTB Buff notes
HTTP tips
When you see images, try downloading them and analyzing the metadata.
wget image_URL
exiftool image.img
Check the modification time.
PowerShell commands
Get-Content - prints a file's contents, so you can see what it does
tasklist - lists all running processes
Upload nc.exe to the victim
nc.exe -zv localhost 8888
(talks to the server; -z only checks that the port answers, -v prints the result)
Using chisel to interact with the SQL server on the Windows target
https://github.com/jpillora/chisel/releases
Download both the Linux and Windows 64-bit versions (.gz).
gunzip them and rename them to whatever you want.
Transfer the Windows file to the Windows target machine.
On Kali, gunzip the Linux file and chmod +x it. Start it with (if an error happens, the port is in use)
On Windows,
Now that the tunneling is set up, we can connect to the SQL server via localhost:3306
On Kali,
You do want to have MySQL credentials before connecting.
MySQL password
Look into /include for passwords
Log in to the SQL server!
-> show databases;
use database_name; # selects the database to work in
(you can make sure you're connected via chisel by "ss -lnpt | grep 3306")
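A closer reading of the ss check above, as an added example that is not part of the original notes: the function reports which process owns the listener on a port and whether it is bound to loopback only or reachable from other hosts. The name check_listener and the sample ss output (including port 8000) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: interpret `ss -lnpt` output for one port.
# SAMPLE_SS is constructed sample output, not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:3306      0.0.0.0:*         users:(("chisel",pid=2211,fd=8))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=801,fd=3))
LISTEN 0      4096   *:8000              *:*               users:(("chisel",pid=2211,fd=6))'

# check_listener PORT (hypothetical helper): reads `ss -lnpt` text on stdin and
# prints "<process> <bind-address> <loopback|exposed>" per listener on PORT.
# Returns 1 when nothing is listening on PORT.
check_listener() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      # Field 4 is local address:port; the port follows the last colon.
      n = split($4, a, ":")
      if (a[n] != port) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      # The process column is empty when ss runs without enough privilege.
      proc = "unknown"
      if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
      # Anything not bound to loopback accepts connections from other hosts.
      scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
      print proc, addr, scope
      found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# On a live box: ss -lnpt | check_listener 3306
# Offline:       printf "%s\n" "$SAMPLE_SS" | check_listener 3306
```

If the 3306 line shows a process other than the tunnel, or a scope of "exposed", the forwarded database port is not what you think it is or is reachable by others on the network.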