Skip to main content

Escaped - Window - like signed

10.10.11.202 dc.sequel.htb sequel.htb dc openssl s_client -showcerts -connect 10.10.11.202:3269 | openssl x509 -noout -text

crackmapexec smb 10.10.11.202 --shares or smbclient -L \\sequel.htb\

crackmapexec smb 10.10.11.202 -u 0xdfnotreallyausername -p '' --shares smbclient //10.10.11.202/Public -N or smbclient \\sequel.htb\public

mssqlclient.py sequel.htb/PublicUser:GuestUserCantWrite1@dc.sequel.htb

lika@learning:~/Downloads/CVE-2024-8353$ impacket-mssqlclient sequel.htb/PublicUser:GuestUserCantWrite1@dc.sequel.htb
Impacket v0.13.0.dev0 - Copyright Fortra, LLC and its affiliated companies

[*] Encryption required, switching to TLS
[*] ENVCHANGE(DATABASE): Old Value: master, New Value: master
[*] ENVCHANGE(LANGUAGE): Old Value: , New Value: us_english
[*] ENVCHANGE(PACKETSIZE): Old Value: 4096, New Value: 16192
[*] INFO(DC\SQLMOCK): Line 1: Changed database context to 'master'.
[*] INFO(DC\SQLMOCK): Line 1: Changed language setting to us_english.
[*] ACK: Result: 1 - Microsoft SQL Server (150 7208)
[!] Press help for extra shell commands
SQL (PublicUser  guest@master)>
SQL (PublicUser  guest@master)> select name from master..sysdatabases;
name
------
master
tempdb
model
msdb

sudo ntpdate -u dc.sequel.htb