Hello,
I’m pretty new to pen-testing and stuff like that. So I started with the starting-point.
My problem is that I don’t get a reverse shell. Instead, the sql-client just says “null”. When I try to do it once again, I get an operation timeout.
Screenshots:
The shell.ps1 contains my htb-ip-address.
The Python web server was started inside the folder where shell.ps1 is.
I tried to restart ufw and set the firewall-rule up again, got the message “skipping existing rule”.
I don’t know what I’m doing wrong and would appreciate any hint!
Thanks in advance
Have you started http.server on port 443? Since it returns “null”, it appears to me there might be nothing on that port. Also, it’s likely that netcat wouldn’t allow you to open a listener on this port if it was already used by another service. If you followed the exact commands from the tutorial and opened a server on 80, try connecting to this port instead.
Thanks for the response!
Unfortunately, it didn’t work either. Now it just gets stuck after I hit the Enter button.
I tried the normal way again and encountered the same problem: it just gets stuck. (I can abort it though.)
Thanks a lot, @WolveRyan !
After hitting the Enter button a few times, a “#” appeared in front of it.
And after that “#”, you can type in commands like “powershell”, which will return “C:.…”. From now on, you can go further with the tutorial!
Hello, I am stuck at nearly the same point.
My SQL PowerShell command gives me an error. It says that my machine actively refused the connection, but the script is downloaded; I see a GET request in my HTTP server. Furthermore, I get a # when I hit Enter in the netcat window. Maybe one of you can help me. I can attach screenshots if needed.
Stuck at the same point. This is my first time trying to use a PowerShell exploit like this. I can see the server is sending a GET request for the IP address, but I’m wondering if anything in the PS script provided needed to be changed outside of the IP address? The listener seems to be working, the server seems to be working, and I’m not getting any errors on the SQL cmdshell, but I’m not getting the # and just nothing seems to happen. Any advice or push in the right direction would be greatly appreciated.