MSSQL Studio

MSSQL has tight integration with Active Directory and .NET. MSSQL Server is queried with Transact-SQL (T-SQL), a dialect of SQL that extends it with programming constructs, local variables and support functions.

Basic Connect

# Connect
impacket-mssqlclient mczen:'pass@123'@10.10.15.129

-- Check user
SELECT SYSTEM_USER;

Connecting to and managing MSSQL Server instances is done with Microsoft SQL Server Management Studio (SSMS) or sqlcmd.

Enumerating Server logins

Logins and users are both security principals: logins are server-level and users are database-level.

-- Enumerate logins and server roles
SELECT r.name, r.type_desc, r.is_disabled, sl.sysadmin, sl.securityadmin, sl.serveradmin, sl.setupadmin, sl.processadmin, sl.diskadmin, sl.dbcreator, sl.bulkadmin
FROM master.sys.server_principals r
LEFT JOIN master.sys.syslogins sl ON sl.sid = r.sid
WHERE r.type IN ('S','E','X','U','G');

Enumerating Database

Check the databases and which principals own them.

SELECT a.name AS 'database', b.name AS 'owner', is_trustworthy_on
FROM sys.databases a
JOIN sys.server_principals b ON a.owner_sid = b.sid;

Enumerating Database Users

USE webshop;
EXECUTE sp_helpuser;
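
The login/user split described under "Enumerating Server logins" can be seen directly by joining database users to server logins on their SID, which is useful in an access review for spotting users with no matching login. This query is an added example, not part of the original notes; it reuses the `webshop` database from above and assumes SQL Server 2012 or later (for `authentication_type_desc`).

```sql
-- Added example: relate database-level users to server-level logins via SID
-- and list each user's database role memberships (one row per role).
USE webshop;   -- database name taken from the page; change as needed

SELECT
    dp.name                     AS database_user,
    dp.type_desc                AS user_type,
    dp.authentication_type_desc AS auth_type,
    sp.name                     AS server_login,
    sp.is_disabled              AS login_disabled,
    CASE
        -- A login with the same SID exists at server level
        WHEN sp.sid IS NOT NULL THEN 'mapped to login'
        -- SQL-authenticated user whose login is missing on this instance
        WHEN dp.authentication_type_desc = 'INSTANCE'
            THEN 'orphaned (no login with this SID)'
        -- e.g. user without login, contained user, or Windows user
        -- that reaches the instance through a group login
        ELSE 'no direct login'
    END                         AS mapping_state,
    r.name                      AS database_role
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid
LEFT JOIN sys.database_role_members AS drm
       ON drm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = drm.role_principal_id
WHERE dp.type IN ('S','U','G','E','X')                    -- users and groups, not roles
  AND dp.name NOT IN ('guest','INFORMATION_SCHEMA','sys') -- built-in principals
ORDER BY dp.name, r.name;
```

The result depends on metadata visibility: a low-privileged login only sees the principals it has permission to view.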
