reddit hackernews mail facebook facebook linkedin


Microsoft SQL database attacking tool.
#mssql   #sqli  

- get technical information of a MSSQL database without to be authenticated
- load a nnmap file for scanning all MSSQL targets
- search MSSQL accounts with a dictionnary attack
- test each login as password (authentication required)
- get a windows shell on the database server
- download files remotely
- upload files on the server
- capture a SMB authentication
- scan ports through the database
- execute SQL requests on a remote MSSQL server trough the database
- list files/directories
- list drives/medias
- create folder
- search sensitive data in tables
- get database configuration
- extract schema and all tables information
- execute basic SQL commands in a pseudo SQL shell