Interacting with MSSQL

Using sqsh

$ sqsh -S 10.129.20.13 -U username -P Password123

Using sqlcmd (Priority)

C:\htb> sqlcmd -S 10.129.20.13 -U username -P Password123

Using mssqlclient.py (Impacket)

$ mssqlclient.py -p 1433 julio@10.129.203.7

Using dbeaver (GUI)

Note

For MSSQL, when we want to use windows auth during login, SERVERNAME\\accountname or .\\accountname

$ sqsh -S 10.129.203.7 -U .\\julio -P 'MyPassword!' -h

Commands

Show databases

1> SELECT name FROM master.dbo.sysdatabases
2> GO

Use Database

1> USE htbusers
2> GO

Changed database context to 'htbusers'.

Show tables

1> SELECT table_name FROM htbusers.INFORMATION_SCHEMA.TABLES
2> GO

table_name
--------------------------------
actions
permissions
permissions_roles
permissions_users
roles      
roles_users
settings
users 
(8 rows affected)

Select all data from table

1> SELECT * FROM users
2> go

id          username             password         data_of_joining
----------- -------------------- ---------------- -----------------------
          1 admin                p@ssw0rd         2020-07-02 00:00:00.000
          2 administrator        adm1n_p@ss       2020-07-02 11:30:50.000
          3 john                 john123!         2020-07-02 11:47:16.000
          4 tom                  tom123!          2020-07-02 12:23:16.000

(4 rows affected)

PreviousMSSQL (1433)NextOracle TNS (1521)

Last updated 2 years ago

hashtagUsing sqsh

hashtagUsing sqlcmd (Priority)

hashtagUsing mssqlclient.py (Impacket)

hashtagUsing dbeaver (GUI)

hashtagNote

hashtagCommands

hashtagShow databases

hashtagUse Database

hashtagShow tables

hashtagSelect all data from table

Using sqsh

Using sqlcmd (Priority)

Using mssqlclient.py (Impacket)

Using dbeaver (GUI)

Note

Commands

Show databases

Use Database

Show tables

Select all data from table