In this demonstration we will exploit an MSSQL server through a penetration test, involving a series of SQL injections, that will give us unauthorized access to a web application. We will then leverage this access to overwrite a file and execute code which will grant us a reverse shell as SYSTEM into the target MSSQL server.
External penetration testing (also known as external network penetration testing) is a security assessment of an organization’s perimeter systems. Your perimeter comprises all those systems which are directly reachable from the internet. By nature, they are the most exposed systems as they are out in the open and are, therefore, the most easily and regularly attacked.