From 13dc1d169df63a6e8dc3a908cbe20c54ca85b324 Mon Sep 17 00:00:00 2001 From: Juri Dispan Date: Mon, 28 Oct 2024 06:40:45 +0100 Subject: [PATCH] nxc-mssql: add page (#14385) --- pages/common/nxc-mssql.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 pages/common/nxc-mssql.md diff --git a/pages/common/nxc-mssql.md b/pages/common/nxc-mssql.md new file mode 100644 index 0000000000..5604ece31e --- /dev/null +++ b/pages/common/nxc-mssql.md @@ -0,0 +1,28 @@ +# nxc mssql + +> Pentest and exploit Microsoft SQL servers. +> More information: . + +- Search for valid credentials by trying out every combination in the specified lists of [u]sernames and [p]asswords: + +`nxc mssql {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}}` + +- Execute the specified SQL [q]uery on the target server: + +`nxc mssql {{192.168.178.2}} -u {{username}} -p {{password}} --query '{{SELECT * FROM sys.databases;}}'` + +- Execute the specified shell command on the target server through MSSQL: + +`nxc mssql {{192.168.178.2}} -u {{username}} -p {{password}} -x {{whoami}}` + +- Execute the specified PowerShell command on the target server through MSSQL without retrieving output: + +`nxc mssql {{192.168.178.2}} -u {{username}} -p {{password}} -X {{whoami}} --no-output` + +- Download a remote file from the target server and store it in the specified location: + +`nxc mssql {{192.168.178.2}} -u {{username}} -p {{password}} --get-file {{C:\path\to\remote_file}} {{path/to/local_file}}` + +- Upload a local file to the specified location on the target server: + +`nxc mssql {{192.168.178.2}} -u {{username}} -p {{password}} --put-file {{path/to/local_file}} {{C:\path\to\remote_file}}`