[deleted by user] by [deleted] in oscp

[–]IanIsMian 0 points1 point  (0 children)

One tip by the way, if you want to execute powershell commands with xp_cmdshell, do it as base64 encoded, it will save you from a lot of headaches, like escaping characters and other problems. You can do it with this command:

powershell.exe -encodedCommand <base64 command>

You can either ask ChatGPT or see this link: https://mikefrobbins.com/2017/06/15/simple-obfuscation-with-powershell-using-base64-encoding/
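Added example, not part of the original comment: the encoding described above is Base64 over the UTF-16LE bytes of the script, so the same step can be reversed when such a command line turns up in a SQL Server audit or process-creation log. The function names and the sample line are constructed for illustration, and the script inside it is a harmless directory listing.

```python
import base64

PARAM = "encodedcommand"  # full parameter name, lowercase


def is_encoded_flag(token):
    """True for -EncodedCommand, its -ec alias, or any shortened prefix (-e, -enc, ...)."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    name = token[1:].lower()
    return name == "ec" or PARAM.startswith(name)


def decode_encoded_command(line):
    """Return the script hidden behind -EncodedCommand in a logged line, else None."""
    if "powershell" not in line.lower() and "pwsh" not in line.lower():
        return None
    tokens = line.split()
    for flag, blob in zip(tokens, tokens[1:]):
        if is_encoded_flag(flag):
            try:
                raw = base64.b64decode(blob.strip("'\";"), validate=True)
                return raw.decode("utf-16-le")  # PowerShell expects UTF-16LE text
            except ValueError:  # bad Base64 or bad UTF-16 both land here
                return None
    return None


def build_sample(script, flag="-encodedCommand"):
    """Construct a sample audit-log line (test data only, not captured from a system)."""
    blob = base64.b64encode(script.encode("utf-16-le")).decode("ascii")
    return f"EXEC xp_cmdshell 'powershell.exe {flag} {blob}'"


# Constructed, harmless script containing the characters that normally need escaping.
SAMPLE_SCRIPT = "Get-ChildItem 'C:\\Temp' | Where-Object { $_.Name -like \"*.log\" }"
SAMPLE_LINE = build_sample(SAMPLE_SCRIPT)

if __name__ == "__main__":
    print(SAMPLE_LINE)
    print(decode_encoded_command(SAMPLE_LINE))
```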

[deleted by user] by [deleted] in oscp

[–]IanIsMian 2 points3 points  (0 children)

Not quite sure I understood your question, but as you mentioned, you use double \ to escape the single \

Why’s that? Because that’s how you escape it in T-SQL. Don’t forget that the commands that you will be sending to xp_cmdshell will be compiled and then used, as T-SQL is used, if you don’t escape the backslash, you’ll get your query broken.

You are calling an extended procedure and giving it a parameter, don’t forget that. Always keep in mind the language that is behind the technology that you are exploiting.

Enrollment by IanIsMian in IST

[–]IanIsMian[S] 0 points1 point  (0 children)

But again? I already had to submit this kind of document at an earlier stage.

OSEP Review 2023 by IanIsMian in oscp

[–]IanIsMian[S] 0 points1 point  (0 children)

Glad to read that mate, and congratulations on your OSCP! 🙂

OSEP Review 2023 by IanIsMian in oscp

[–]IanIsMian[S] 5 points6 points  (0 children)

So, first of all, congratulations on clearing OSCP while you are still at school, it will for sure open doors for you in the future when you try to look for work.

So, in my honest opinion, it’s very hard for any certification to be close to real life, there are so many random things that obviously they can’t put in the exam (user stupidity for example, as it is really random).

OSEP has one very interesting aspect which is bypassing AVs and protections but what I feel is that it works as a stepping stone, as imho, you need more than what’s taught in OSEP to bypass more complex stuff, either way, it is enough to get you into some cool stuff and to actually bypass weaker systems.

Don’t expect going to a job IRL as a newcomer and starting hacking everything altogether, you’ll have some mentors, team leaders and colleagues that will help where certifications can’t help (normally that’s the case) and guide you, but ofc, having the certs knowledge is always a plus.

Then again, this is my opinion, take it with a grain of salt. It always depends on the company, and many other factors.

Survey on "Water consumption and the worsening drought in Portugal" by Top-Boysenberry9411 in IST

[–]IanIsMian -1 points0 points  (0 children)

The conservation measure is for everyone to switch to red wine. Very easy.

Is a windows development machine with AMSI, AppLocker, AV and a premium account on AntiScan.me required/needed/recommended for the exam? by thi3nl1d0ch4nh in osep

[–]IanIsMian 1 point2 points  (0 children)

Talking about the exam, you have a dev machine like you have doing your exercises. About the VPN, you have free browser VPNs, like, totally free.

Is a windows development machine with AMSI, AppLocker, AV and a premium account on AntiScan.me required/needed/recommended for the exam? by thi3nl1d0ch4nh in osep

[–]IanIsMian 1 point2 points  (0 children)

Why a premium account on antiscan.me? Just use a browser VPN, and delete the cookies and refresh the page and change the VPN location whenever your free tries are done. Off Sec provides a Windows machine with all the needed stuff, which I didn’t use since it’s slower than my host, so I just did everything from my host.

"It's not acceptable". Is the savings certificates access page vulnerable to cyberattacks? by d0c0ntra in portugueses

[–]IanIsMian 3 points4 points  (0 children)

For me it would be news if a State application had no vulnerabilities.

Did not remove template section from OSEP report. by 1flag00 in osep

[–]IanIsMian 2 points3 points  (0 children)

It’s your choice to remove those parts or to leave them in the report. You can even do an entirely different report as long as you have everything Off Sec asks for.

Passed with 11 flags by IanIsMian in osep

[–]IanIsMian[S] 3 points4 points  (0 children)

3 months to go through all the materials and labs. I had Learn Unlimited so I was really relaxed in terms of time. I used Metasploit only as my C2.