Hacking MS-SQL - From SQLi to Server Administrator
HTML-код
- Опубликовано: 30 сен 2024
- In this video we conduct initial scanning and enumeration on a Windows Server, discover a SQL injection vulnerability in a website, exploit it, and gain access of the server.
Please consider supporting me on Patreon at / themayor
Join the conversation on Discord at / discord
This lab is part of the Web Application Penetration Tester course from eLearnSecurity/INE.
Also teach us how to BYPASS 403 forbidden error, 406 WAF error and file UPLOAD restrictions errors....
Thanks for your help and support brother
🤝😘😍❤💚💙🤗🤩👍
Unable to upload exe file on server via certutil.exe
Could this type of exploit be done against Windows Server 2012 or above? Doing a pen testing project at uni. Great Video :)
Hey thanks! As far as I'm aware no version of MS-SQL is immune from SQLi. So to your question, yes.
In regards to actually getting command shell access to the server, that requires the xp_cmdshell setting to be enabled by the administrator, or disabled but re-enabled if possible. Here's a list of MS-SQL payloads for your project if you don't have it already. github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MSSQL%20Injection.md
Cheers!
Is this the real TheMayor11 YT chamnel?
Yep.
Great run through, first time i've seen SQLi acted on. Thank you!
Glad you enjoyed it!
Great video! Thanks you!👍
Thanks for watching!
Thanks for sharing. Your video helps me a lot in CTF .
Thanks for your help and support brother
its not working for me when i try to use certutil.exe -urlcaxhe -f targetip
Plzz help me my account hack halp
So if a website is using MS Sql as backend, will this method work like sqlmap does for websites that uses MySQL as backend??
SQLmap can enumerate MSSQL the same as it can MySQL, as shown in the video.
What OS is you lab? I can see that raspberry icon and asking if it is possible to consider my raspberry pi 4 be a Cyberlab
I use Kali with a custom desktop interface I prettied up with some Raspberry Pi stuff.
That said, the 8GB version of Kali works very well.
Great Video!!
Thanks! I'm glad you liked it.
Thanks. I'm going through hackthebox's prolab offshore and this walkthrough was very useful.
Awesome! I'm really glad to hear.