⌘Ctrlk

Attacking Common Services

Interacting with Common Services

Windows CMD - Findstr

c:\htb>findstr /s /i cred n:\*.*

n:\Contracts\private\secret.txt:file with all credentials
n:\Contracts\private\credentials.txt:admin:SecureCredentials!

We can find more findstr examples here.

Linux - Mount

eldeim@htb[/htb]$ sudo mkdir /mnt/Finance
eldeim@htb[/htb]$ sudo mount -t cifs -o username=plaintext,password=Password123,domain=. //192.168.220.129/Finance /mnt/Finance

As an alternative, we can use a credential file.

Note: We need to install cifs-utils to connect to an SMB share folder. To install it we can execute from the command line sudo apt install cifs-utils.

eldeim@htb[/htb]$ mount -t cifs //192.168.220.129/Finance /mnt/Finance -o credentials=/path/credentialfile

The file credentialfile has to be structured like this:

username=plaintext
password=Password123
domain=.

Linux - Find

Next, let's find files that contain the string cred:

Command Line Utilities - MySQL

Linux - SQSH

The sqlcmd utility lets you enter Transact-SQL statements, system procedures, and script files through a variety of available modes:

At the command prompt.
In Query Editor in SQLCMD mode.
In a Windows script file.
In an operating system (Cmd.exe) job step of a SQL Server Agent job.

Windows - SQLCMD

To learn more about sqlcmd usage, you can see Microsoft documentation.

Linux - MySQL

We can easily start an interactive SQL Session using Windows:

Windows - MySQL

Tools to Interact with Common Services

Service Misconfigurations

PreviousSkills Assessment - Password Attacks NextAttacking FTP

Last updated 1 month ago