Interacting with MSSQL

Using sqsh

$ sqsh -S 10.129.20.13 -U username -P Password123

Using sqlcmd (Priority)

C:\htb> sqlcmd -S 10.129.20.13 -U username -P Password123

Using mssqlclient.py (Impacket)

$ mssqlclient.py -p 1433 julio@10.129.203.7

Using dbeaver (GUI)

Note

For MSSQL, when we want to use windows auth during login, SERVERNAME\\accountname or .\\accountname

$ sqsh -S 10.129.203.7 -U .\\julio -P 'MyPassword!' -h

Commands

Show databases

1> SELECT name FROM master.dbo.sysdatabases
2> GO

Use Database

1> USE htbusers
2> GO

Changed database context to 'htbusers'.

Show tables

1> SELECT table_name FROM htbusers.INFORMATION_SCHEMA.TABLES
2> GO

table_name
--------------------------------
actions
permissions
permissions_roles
permissions_users
roles      
roles_users
settings
users 
(8 rows affected)

Select all data from table

1> SELECT * FROM users
2> go

id          username             password         data_of_joining
----------- -------------------- ---------------- -----------------------
          1 admin                p@ssw0rd         2020-07-02 00:00:00.000
          2 administrator        adm1n_p@ss       2020-07-02 11:30:50.000
          3 john                 john123!         2020-07-02 11:47:16.000
          4 tom                  tom123!          2020-07-02 12:23:16.000

(4 rows affected)

PreviousMSSQL (1433)NextOracle TNS (1521)

Last updated 2 years ago