A Kali GUI machine and a target machine running an MSSQL service are provided to you. The IP address of the target machine is provided in a text file named target placed on the Desktop of the Kali machine (/root/Desktop/target).
Your task is to fingerprint the service using the tools available on the Kali machine and run Nmap scripts to enumerate the MSSQL service on the Windows target machine.
- Identify MSSQL Database Server
- Find information from the MSSQL server with NTLM.
- Enumerate all valid MSSQL users and passwords
- Identify 'sa' user password
- Execute MSSQL query to extract sysusers
- Dump MSSQL users hashes
- Execute a command on MSSQL to retrieve the flag. (The flag is located inside C:\flag)
- Your Kali machine has an interface with IP address 10.10.X.Y. Run “ip addr” to find the values of X and Y.
- The IP address of the target machine is mentioned in the file “/root/Desktop/target”
- Do not attack the gateways located at IP addresses 192.V.W.1 and 10.10.X.1
- Using automated scanners
- Using brute force attacks
- Denial of Service attacks
- Attacking the lab infrastructure
Users violating the above will be either temporarily or permanently banned from the website.
Technical Support for this Lab:
We currently provide technical support limited to:
- Giving hints for a lab exercise
- A lab exercise fails to load or has errors in it