CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/auxiliary/admin/mssql/mssql_exec.md
Views: 1904
Description
This module will execute a Windows command on a MSSQL/MSDE instance via the xp_cmdshell (default) or the sp_oacreate procedure (more opsec safe, no output, no temporary data table). A valid username and password is required to use this module. The sp_oacreate function is used in metasploit to rebuild the xp_cmdshell stored procedure but can be used directly to get code execution which is the more opsec safe way.
Options
TECHNIQUE
Technique to use for command execution.
When xp_cmdshell is selected, the corresponding stored procedure is used. The xp_cmdshell stored procedure is disabled by default, but Metasploit will attempt to enable it which requires elevated privileges. This technique returns the output when the command was successfully run. If this technique fails, the module will attempt to use the sp_oacreate technique instead.
When sp_oacreate is selected, a more stealthy technique will be used however no command output will be available. This technique leverages the sp_OACreate stored procedure to create an instance of an OLE object and invokes wscript.shell.
Verification Steps
Do:
use use admin/mssql/mssql_execDo:
set USERNAME [username1]Do:
set PASSWORD [password1]Do:
set TECHNIQUE sp_oacreate(optional, defaults to xp_cmdshell)Do:
set RHOSTS [IP]Do:
set CMD [command]Do:
run