This is part two of the Attacking Common Applications skills assessment section.

Situation

During our penetration test, our team found a Windows host running on the network and the corresponding credentials for the Administrator. It is required that we connect to the host and find the hardcoded password for the MSSQL service. What is the hardcoded password for the database connection in the MultimasterAPI.dll file?

Enumeration

We are given the credentials Administrator:xcyj8izxNVzhf4z and a dynamic-link library, MultimasterAPI.dll, to analyze. The first thing was logging into the box and searching for this file. We get 3 hits, but based on the path I decided to start with the first one.

Decompiling the .dll using dnSpy

As the library is a .NET DLL, we can use the already provided tool dnSpy. Let’s open it here.

And there is the password we were looking for! This was an easy one.
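
The same weakness can be caught before a build ships. The following is an added example, not part of the original write-up: it scans a binary for UTF-16LE string literals (the encoding .NET uses for string literals in an assembly) and flags connection-string password fields, reporting only a redacted value. The sample bytes, the connection string in them and all function names are constructed for illustration.

```python
import re

# .NET stores string literals in the assembly as UTF-16LE, so an ASCII-only
# `strings` pass misses them. Match runs of printable UTF-16LE characters
# (a printable ASCII byte followed by 0x00), at least 8 characters long.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")

# Key names that carry a secret in ADO.NET-style connection strings.
SECRET_KEY = re.compile(r"(?i)\b(password|pwd)\s*=\s*([^;]+)")


def utf16_strings(blob: bytes):
    """Yield (offset, text) for each printable UTF-16LE run in blob."""
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), m.group().decode("utf-16-le")


def find_hardcoded_secrets(blob: bytes):
    """Return one finding per literal that embeds a connection-string password."""
    findings = []
    for offset, text in utf16_strings(blob):
        m = SECRET_KEY.search(text)
        if m:
            value = m.group(2)
            # Redact the value so the finding itself can be logged safely.
            findings.append({
                "offset": offset,
                "key": m.group(1).lower(),
                "length": len(value),
                "redacted": value[0] + "*" * (len(value) - 1),
            })
    return findings


def scan_file(path: str):
    """Scan a build artifact on disk (e.g. a DLL from your own pipeline)."""
    with open(path, "rb") as fh:
        return find_hardcoded_secrets(fh.read())


# Constructed sample: binary padding around two UTF-16LE literals, one of
# which is a made-up connection string. None of these values come from the page.
SAMPLE = (
    b"\x00\x01\xff\xfe" * 4
    + "server=localhost;database=ExampleDb;uid=svc_example;password=NotARealSecret1;".encode("utf-16-le")
    + b"\x01\x02\x03"
    + "Hello from an ordinary string literal".encode("utf-16-le")
    + b"\x00\x00"
)
```

A hit from a scan like this means the secret belongs in a protected configuration store or secrets manager rather than in the compiled code, and the exposed credential should be rotated.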