MSSQL command

Execute MSSQL command using CrackMapExec

Execute MSSQL command
cme mssql 10.10.10.52 -u admin -p '[email protected][email protected]!' --local-auth -q 'SELECT name FROM master.dbo.sysdatabases;'
Expected Results:
MSSQL       10.10.10.52     1433   None             [+] admin:[email protected][email protected]! (Pwn3d!)
MSSQL       10.10.10.52     1433   None             name
MSSQL       10.10.10.52     1433   None             --------------------------------------------------------------------------------------------------------------------------------
MSSQL       10.10.10.52     1433   None             master
MSSQL       10.10.10.52     1433   None             tempdb
MSSQL       10.10.10.52     1433   None             model
MSSQL       10.10.10.52     1433   None             msdb
MSSQL       10.10.10.52     1433   None             orcharddb
When playing with MSSQL, you can use the tool MSDAT from quentinhardy​
GitHub - quentinhardy/msdat: MSDAT: Microsoft SQL Database Attacking Tool
MSDAT: Microsoft SQL Database Attacking Tool. Contribute to quentinhardy/msdat development by creating an account on GitHub.
github.com
Example
Mantis machine is a good example to test MSSQL procotol with CrackMapExec
https://www.hackthebox.eu/home/machines/profile/98
www.hackthebox.eu
​

MSSQL protocol - Previous

MSSQL Privesc

Next - MSSQL protocol

Windows command

Last updated 11 months ago