NetExec Github

MSSQL Command Execution

Execute MSSQL command using NetExec

Execute MSSQL commands

nxc mssql 10.10.10.52 -u admin -p 'm$$ql_S@_P@ssW0rd!' --local-auth -q 'SELECT name FROM master.dbo.sysdatabases;'

Expected Results:

MSSQL       10.10.10.52     1433   None             [+] admin:m$$ql_S@_P@ssW0rd! (Pwn3d!)
MSSQL       10.10.10.52     1433   None             name
MSSQL       10.10.10.52     1433   None             --------------------------------------------------------------------------------------------------------------------------------
MSSQL       10.10.10.52     1433   None             master
MSSQL       10.10.10.52     1433   None             tempdb
MSSQL       10.10.10.52     1433   None             model
MSSQL       10.10.10.52     1433   None             msdb
MSSQL       10.10.10.52     1433   None             orcharddb

When playing with MSSQL, you can use the tool MSDAT from quentinhardy

LogoGitHub - quentinhardy/msdat: MSDAT: Microsoft SQL Database Attacking ToolGitHub

Example

Mantis machine is a good example to test MSSQL procotol with NetExec

https://www.hackthebox.eu/home/machines/profile/98www.hackthebox.eu
PreviousMSSQL PrivEscNextMSSQL Upload & Download

Last updated

Was this helpful?