MSSQL DB User Impersonation to RCE

Overview

You are provided with a Kali GUI machine and a target machine running an MSSQL service. The target is a Windows server deployed at http://demo.ine.local

Your task is to fingerprint the MSSQL service using the tools available on the Kali machine. Then use mssqlclient.py to connect to the remote MSSQL service, escalate privileges between database users, and gain a shell on the target machine.

Privilege Escalation Path: bob -> dbuser -> sa

Objective: Exploit the server and retrieve the flag!

The following username and password may be used to access the service:

Username: bob

Password: KhyUuxwp7Mcxo7

Instructions:

  • Your Kali machine has an interface with IP address 10.10.X.Y. Run “ip addr” to find the values of X and Y.

  • The IP address of the target machine is given in the file “/root/Desktop/target”.

  • Do not attack the gateways located at IP addresses 192.V.W.1 and 10.10.X.1.

Solutions

The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-2411.pdf
