MSSQL command

Execute MSSQL commands

```bash
nxc mssql <target> -u <username> -p '<password>' --local-auth -q 'SELECT name FROM master.dbo.sysdatabases;'
```

Expected Results:

```
MSSQL       <target>     1433   None             [+] <username>:<password> (Pwn3d!)
MSSQL       <target>     1433   None             name
MSSQL       <target>     1433   None             --------------------------------------------------------------------------------------------------------------------------------
MSSQL       <target>     1433   None             master
MSSQL       <target>     1433   None             tempdb
MSSQL       <target>     1433   None             model
MSSQL       <target>     1433   None             msdb
MSSQL       <target>     1433   None             orcharddb
```

{% hint style="info" %}
When working with MSSQL, you can also use the MSDAT tool from quentinhardy.
{% endhint %}

{% embed url="https://github.com/quentinhardy/msdat" %}

Example

The Mantis machine is a good example for testing the MSSQL protocol with NetExec.

{% embed url="https://www.hackthebox.com/machines/mantis" %}