Windows command

Execute Windows Command

This option uses xp_cmdshell to execute a command on the remote host.

nxc mssql <target> -u <username> -p '<password>' --local-auth -x whoami
MSSQL       <target>     1433   None             [+] <username>:<password> (Pwn3d!)
MSSQL       <target>     1433   None             [+] Executed command via mssqlexec
MSSQL       <target>     1433   None             --------------------------------------------------------------------------------
MSSQL       <target>     1433   None             domain\user

If the login is denied EXECUTE permission on xp_cmdshell, the output looks like this:

MSSQL       <target>     1433   None             [+] <username>:<password> (Pwn3d!)
MSSQL       <target>     1433   None             [-] ERROR(SERVER\SQLEXPRESS): Line 1: The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys'.
MSSQL       <target>     1433   None             [+] Executed command via mssqlexec
MSSQL       <target>     1433   None             None

{% hint style="info" %}
When working with MSSQL, you can also use the MSDAT tool by quentinhardy.
{% endhint %}

{% embed url="https://github.com/quentinhardy/msdat" %}