Hacking MS-SQL - From SQLi to Server Administrator

Views: 13,974

Joe Helle

Days ago

In this video we conduct initial scanning and enumeration on a Windows Server, discover a SQL injection vulnerability in a website, exploit it, and gain access to the server.
This lab is part of the Web Application Penetration Tester course from eLearnSecurity/INE.

Comments: 22
@craigmac7176 3 years ago
Great run through, first time I've seen SQLi acted on. Thank you!
@JoeHellethemayor 3 years ago
Glad you enjoyed it!
@HMBK2077 1 year ago
Thanks for sharing. Your video helps me a lot in CTF.
@ewinwahyu7763 1 year ago
Thanks for your help and support brother
@marcovicentin5010 3 years ago
Great video! Thank you!👍
@JoeHellethemayor 3 years ago
Thanks for watching!
@slayerplayz9405 1 year ago
Unable to upload exe file on server via certutil.exe
@KennyB1990 3 years ago
Could this type of exploit be done against Windows Server 2012 or above? Doing a pen testing project at uni. Great Video :)
@JoeHellethemayor 3 years ago
Hey thanks! As far as I'm aware no version of MS-SQL is immune from SQLi. So to your question, yes. In regards to actually getting command shell access to the server, that requires the xp_cmdshell setting to be enabled by the administrator, or disabled but re-enabled if possible. Here's a list of MS-SQL payloads for your project if you don't have it already. github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MSSQL%20Injection.md Cheers!
@Free.Education786 3 years ago
Also teach us how to BYPASS 403 forbidden error, 406 WAF error and file UPLOAD restrictions errors.... Thanks for your help and support brother 🤝😘😍❤💚💙🤗🤩👍
@ruszomalkuko 3 years ago
What OS is your lab? I can see that Raspberry icon and am asking if it is possible to consider my Raspberry Pi 4 to be a Cyberlab
@JoeHellethemayor 3 years ago
I use Kali with a custom desktop interface I prettied up with some Raspberry Pi stuff. That said, the 8GB version of Kali works very well.
@goebbelsx 3 years ago
Thanks. I'm going through hackthebox's prolab offshore and this walkthrough was very useful.
@JoeHellethemayor 3 years ago
Awesome! I'm really glad to hear.
@jorgevilla6523 3 years ago
Great Video!!
@JoeHellethemayor 3 years ago
Thanks! I'm glad you liked it.
@user-uh5pn4qd3i 2 years ago
So if a website is using MS SQL as backend, will this method work like sqlmap does for websites that use MySQL as backend??
@JoeHellethemayor 2 years ago
SQLmap can enumerate MSSQL the same as it can MySQL, as shown in the video.
@reyandutta 3 years ago
Is this the real TheMayor11 YT channel?
@JoeHellethemayor 3 years ago
Yep.
@kirangameng.7442 1 year ago
Plzz help me my account hack halp
@martinshudson7561 1 year ago
It's not working for me when I try to use certutil.exe -urlcaxhe -f targetip