Re: [sqlmap-users] Deploy&Create SSH/tunnel with compromised MSSQL server

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Open a multi/handler serving up a basic reverse shell in Metasploit and
telnet into it using the os-shell. Then upgrade the session with sessions
-u.


On Sat, May 25, 2013 at 12:55 AM, Alok Kumar <alo...@gm...>wrote:

> Hello friends,
> I desperately need your help in my post exploitation phase.
>
> After exploiting the sql injection(time-based) vulnerability using sqlmap,
> I got OS-Shell> of compromised database server, however I failed to inject
> meterpreter with an error stating that injection failed due to
> Antivirus..bla..bla..
>
> I didn't tried VNC yet, but my prediction is it may fail as well.
>
> Also my assumption is the compromised database configured to communicate
> with application server on LAN IP and has no public facing internet
> configuration, means no direct internet access.
>
> OS-Shell> response is very slow, it takes 4-8 hours to respond to simple
> command like "net user" :(
>
> Now in this situation can we deploy and create some tunnel to database,
> which is faster and give quick response to further probing such as scan the
> internal of their network?
>
> (Fyi, this is an ongoing authorized penetration test exercise)
>
>
> kindly HELP
>
>
> Regards,
> Alok
>
>
> ------------------------------------------------------------------------------
> Try New Relic Now & We'll Send You this Cool Shirt
> New Relic is the only SaaS-based application performance monitoring service
> that delivers powerful full stack analytics. Optimize and monitor your
> browser, app, & servers with just a few lines of code. Try New Relic
> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website