MSSQL command

Execute MSSQL command using CrackMapExec

Execute MSSQL command
cme mssql 10.10.10.52 -u admin -p '[email protected][email protected]!' --local-auth -q 'SELECT name FROM master.dbo.sysdatabases;'
Expected Results:
MSSQL       10.10.10.52     1433   None             [+] admin:[email protected][email protected]! (Pwn3d!)
MSSQL       10.10.10.52     1433   None             name
MSSQL       10.10.10.52     1433   None             --------------------------------------------------------------------------------------------------------------------------------
MSSQL       10.10.10.52     1433   None             master
MSSQL       10.10.10.52     1433   None             tempdb
MSSQL       10.10.10.52     1433   None             model
MSSQL       10.10.10.52     1433   None             msdb
MSSQL       10.10.10.52     1433   None             orcharddb
When playing with MSSQL, you can use the tool MSDAT from quentinhardy​
GitHub - quentinhardy/msdat: MSDAT: Microsoft SQL Database Attacking Tool
GitHub
Example
Mantis machine is a good example to test MSSQL procotol with CrackMapExec
https://www.hackthebox.eu/home/machines/profile/98
www.hackthebox.eu
​

MSSQL protocol - Previous

MSSQL Privesc

Next - MSSQL protocol

MSSQL upload/download

Last modified 2yr ago