HTB Querier Writeup — MSSQL Exploitation (2026)
SMB guest access → Excel macro with MSSQL creds → Responder hash steal via xp_dirtree → xp_cmdshell → reverse shell.
SMB guest access → Excel macro with MSSQL creds → Responder hash steal via xp_dirtree → xp_cmdshell → reverse shell.