MSSQL

Port: 1433

Nmap Scripts

Get information about the target SQL server

nmap --script ms-sql-info -p 1433 <IP addr>

Retrieve NTLM information (OS and host details) from the target

nmap -p 1433 --script ms-sql-ntlm-info --script-args mssql.instance-port=1433 <IP addr>

Find valid SQL username/password pairs using wordlists

nmap -p 1433 --script ms-sql-brute --script-args userdb=/root/Desktop/Wordlist/common_users.txt,passdb=/root/Desktop/Wordlist/100-common-passwords.txt <IP addr>

Check whether the 'sa' user has an empty password

nmap -p 1433 --script ms-sql-empty-password <IP addr>

Extract all SQL logins (requires valid credentials)

nmap -p 1433 --script ms-sql-query --script-args mssql.username=admin,mssql.password=<password>,ms-sql-query.query="SELECT * FROM master..syslogins" <IP addr> -oN output.txt

Extract all SQL user password hashes (requires valid credentials)

nmap -p 1433 --script ms-sql-dump-hashes --script-args mssql.username=admin,mssql.password=<password> <IP addr>

Execute commands on the target machine


Metasploit

Run msfconsole

Run MSSQL Login Module

Run MSSQL Enumeration Module

Run MSSQL User Enumeration Module

Execute Command

Enumerate all target machine accounts


Linux CLI

Connect to the target MSSQL server using the MSSQL CLI Python utility

Get SQL Server version details

Check the target server hostname

Extract SQL logins

Check all the available databases

Check all sys users

Extract SQL user password hashes

Check whether xp_cmdshell is enabled

Enable xp_cmdshell

Execute system commands using xp_cmdshell


SQLCMD

Connect to the target MSSQL machine using the sqlcmd utility

Check MSSQL version details

Check current database

Check the current machine hostname

Extract all sys logins

Extract all available databases

Extract SQL user password hashes

Get details of xp_cmdshell
