
Enumeration

HackTricks: 1433 - Pentesting MSSQL - Microsoft SQL Server - HackTricks

Nmap scan

sudo nmap --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance-port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQLSERVER,ms-sql-xp-cmdshell.cmd='whoami' -sV -p 1433 "$ip"

MSF enum

mssql_ntlm_stealer
mssql_enum_domain_accounts
mssql_enum_sql_logins
mssql_findandsampledata
mssql_hashdump
mssql_schemadump

Connect to MSSQL

impacket-mssqlclient Administrator@"$ip" -windows-auth

Database commands

select name from sys.databases;  -- show all databases
