RIS602 Lab 3 Timestamps: Web & Database Attack Chapters
1. Introduction and Attack Chain Overview
Salah introduces the lab on attacking vulnerable web and database services, outlining the full attack chain and the five stages of the attack.
2. Deploying and Using Tomcat Web Shell
Creating a GSP web shell, packaging it into a WAR file, deploying it via Tomcat manager, and executing non-interactive commands through the shell.
3. Privilege Escalation via Windows Sticky Keys
Explaining and demonstrating privilege escalation by replacing sethc.exe with cmd.exe to gain a fully interactive system shell through the Windows login screen.
4. Exploiting Jenkins Script Console for Command Execution
Using Jenkins built-in script console to run Groovy code for OS-level command execution on a separate machine with admin access.
5. Compromising Microsoft SQL Server
Using Metasploit to authenticate to MSSQL with weak credentials, enabling xp_cmdshell, and executing OS commands through the database server.
6. Extracting Windows Password Hashes
Exporting registry hives via xp_cmdshell, sharing and downloading them over SMB, and extracting NLM password hashes for offline cracking and pass-the-hash attacks.
7. Conclusion and Lab Summary
Recap of the chained attack steps, highlighting how each vulnerability led to the next, privilege escalation simplicity, database to OS compromise, and credential theft impact.
[0:00] Introduction and Attack Chain Overview Salah introduces the lab on attacking vulnerable web and database services, outlining the full attack chain and the five stages of the attack. [2:00] Deploying and Using Tomcat Web Shell Creating a GSP web shell, packaging it into a WAR file, deploying it via Tomcat manager, and executing non-interactive commands through the shell. [15:00] Privilege Escalation via Windows Sticky Keys Explaining and demonstrating privilege escalation by replacing sethc.exe with cmd.exe to gain a fully interactive system shell through the Windows login screen. [23:00] Exploiting Jenkins Script Console for Command Execution Using Jenkins built-in script console to run Groovy code for OS-level command execution on a separate machine with admin access. [27:00] Compromising Microsoft SQL Server Using Metasploit to authenticate to MSSQL with weak credentials, enabling xp_cmdshell, and executing OS commands through the database server. [31:00] Extracting Windows Password Hashes Exporting registry hives via xp_cmdshell, sharing and downloading them over SMB, and extracting NLM password hashes for offline cracking and pass-the-hash attacks. [37:00] Conclusion and Lab Summary Recap of the chained attack steps, highlighting how each vulnerability led to the next, privilege escalation simplicity, database to OS compromise, and credential theft impact.
Heads up!
These timestamps were automatically generated using AI with the Free YouTube Video Timestamp Tool by LunaNotes.
Generate timestamps for freeRelated Videos
SQL for Beginners Timestamps: Learn SQL Step-by-Step Chapters
Explore the detailed timestamps for our beginner-friendly SQL course to quickly navigate through essential SQL concepts and hands-on exercises. These chapters enable you to efficiently skip to topics from basic queries to advanced database management, enhancing your learning experience.
Racist Lady Shocked: Romance Scam Video Timestamps & Chapters
Explore the detailed timestamps and chapters of this eye-opening video uncovering a Nigerian romance scam involving a long-term victim. These chapters help you navigate key moments in the story, from the initial scam to the victim's shocking revelations and the investigation process. Understand how romance scams work and learn valuable lessons to protect yourself.
Power BI Full Course Timestamps: Complete Tutorial for Beginners
Explore detailed timestamps for the Power BI Full Course 2026, guiding you through each chapter from basics to advanced analytics. These chapters help you easily navigate topics like data modeling, DAX, visualization, and dashboard creation for effective learning.
Sniper Elite Resistance Part 1 Timestamps: Mission Breakdown
Explore the detailed chapter breakdowns of Sniper Elite Resistance Part 1 to follow every crucial moment of the mission that changes everything. These timestamps help you navigate key gameplay events and strategies effortlessly for a better viewing experience.
Expedition 33 Playthrough Timestamps – Episode 3 Gameplay Breakdown
Explore our detailed timestamps for Expedition 33 Playthrough – Episode 3, helping you navigate key moments in this exciting gaming session. Whether you're retrying battles, mastering parries, or enjoying the epic music, these chapters guide you through the action-packed journey.
Most Viewed
AI Search Timestamps: How SEO Works in 2026 Explained
Explore detailed chapters breaking down how AI search functions in 2026 from an SEO professional's perspective. These timestamps help you navigate key topics such as AI vs traditional SEO, major AI models, and practical strategies for SEO agencies.
2025's Most Intense Calls Timestamps: Drama and Debate
Explore the chapter breakdowns of 2025's most intense and debated calls in this video. These timestamps highlight the greatest hits that sparked thousands of comments and strong reactions, perfect for viewers who want to jump directly to the most engaging moments. Dive into the discussions that caused the biggest buzz and stay informed with easy navigation.
John Muir Biography Timestamps: Life, Legacy, and Conservation
Explore the detailed chapter breakdown of the John Muir biography video, highlighting key moments from his childhood to his impact on conservation. These timestamps allow you to navigate through his inspiring journey and understand the evolution of his environmental legacy.
Within You is the Power Timestamps: Secret Teachings for Self Empowerment
Explore the complete chapter breakdown of 'Within You is the Power' by Henry Thomas Hamblin. These timestamps guide you through key lessons on self-empowerment, spiritual growth, and overcoming life's challenges, making it easier to navigate and absorb the teachings effectively.
Morning Routine Timestamps: Mastering Student Success Chapters
Explore the detailed chapter breakdowns of this video to discover how most students misuse their mornings and learn the right way to start your day with focus and authority. These timestamps help you navigate key ideas to transform your morning routine and boost mental clarity.

