Welcome
News
Logo & Banner
Changelog
Getting Started
SMB protocol
LDAP protocol
WINRM protocol
MSSQL protocol
SSH protocol
FTP protocol
RDP Protocol
WMI Protocol
NFS Protocol
- 🆕Enumeration
- 🆕Download and Upload Files

Powered by GitBook

On this page

Was this helpful?

Authentication

PreviousPassword Spraying NextMSSQL PrivEsc

Last updated 6 months ago

Testing credentials

You can use two methods to authenticate to MSSQL: windows or local (default: windows). To use local auth, add the following flag --local-auth

Windows auth

With SMB port open

With SMB port close, add the flag -d DOMAIN

Expected Results:

Local auth

Expected Results:

Specify Ports

Testing credentials
Windows auth
Local auth
Specify Ports

#~ nxc mssql 10.10.10.52 -u james -p 'J@m3s_P@ssW0rd!'

#~ nxc mssql 10.10.10.52 -u james -p 'J@m3s_P@ssW0rd!' -d HTB

MSSQL       10.10.10.52     1433   MANTIS           [+] HTB\james:J@m3s_P@ssW0rd!

#~ nxc mssql 10.10.10.52 -u admin -p 'm$$ql_S@_P@ssW0rd!' --local-auth

MSSQL       10.10.10.52     1433   None             [+] admin:m$$ql_S@_P@ssW0rd! (Pwn3d!)

#~ nxc mssql 10.10.10.52 -u admin -p 'm$$ql_S@_P@ssW0rd!' --port 1434