Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice. Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system.Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server. Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass. Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. The user can also choose to dump only a range of characters from each column's entry.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |