{"id":1174,"date":"2024-11-14T12:42:35","date_gmt":"2024-11-14T12:42:35","guid":{"rendered":"https:\/\/hackmybox.com\/?p=1174"},"modified":"2025-09-08T16:30:02","modified_gmt":"2025-09-08T16:30:02","slug":"footprinting-microsoft-sql","status":"publish","type":"post","link":"https:\/\/hackmybox.com\/index.php\/2024\/11\/14\/footprinting-microsoft-sql\/","title":{"rendered":"Footprinting Microsoft SQL"},"content":{"rendered":"<div class=\"vce-row-container\" data-vce-boxed-width=\"true\"><div class=\"vce-row vce-row--col-gap-30 vce-row-equal-height vce-row-content--top\" id=\"el-04259b53\" data-vce-do-apply=\"all el-04259b53\"><div class=\"vce-row-content\" data-vce-element-content=\"true\"><div class=\"vce-col vce-col--md-auto vce-col--xs-1 vce-col--xs-last vce-col--xs-first vce-col--sm-last vce-col--sm-first vce-col--md-last vce-col--lg-last vce-col--xl-last vce-col--md-first vce-col--lg-first vce-col--xl-first\" id=\"el-cb3081c1\"><div class=\"vce-col-inner\" data-vce-do-apply=\"border margin background  el-cb3081c1\"><div class=\"vce-col-content\" data-vce-element-content=\"true\" data-vce-do-apply=\"padding el-cb3081c1\"><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-4ba3d941\" data-vce-do-apply=\"all el-4ba3d941\"><h3 style=\"text-align: center;\"><span style=\"color: #00ff00;\"><strong>(Insights from HTB Academy)<\/strong><\/span><\/h3><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-9b1a60ca\" data-vce-do-apply=\"all el-9b1a60ca\"><p><span style=\"color: #00ff00;\">Microsoft SQL (MSSQL)<\/span> is Microsoft's SQL-based relational database system, widely used on Windows, especially with .NET applications.<\/p><p><span style=\"color: #00ff00;\">Security and Footprinting:<\/span> Vulnerabilities arise from weak credentials, lack of encryption, and self-signed certificates. 
For security assessments, tools like <span style=\"color: #00ff00;\">Nmap and Metasploit (mssql_ping)<\/span> provide valuable information about server configurations. Impacket\u2019s <span style=\"color: #00ff00;\">mssqlclient.py<\/span> enables direct interaction with the database using credentials.<\/p><p>This overview highlights key MSSQL features, vulnerabilities, and tools for understanding and securing MSSQL environments.<\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-ad829fea\" data-vce-do-apply=\"all el-ad829fea\"><p>1. On the Metasploit console, search for the <code>mssql_ping<\/code> module and load it.<\/p><p><span style=\"color: #00ff00;\">msf6 &gt; use auxiliary\/scanner\/mssql\/mssql_ping<\/span><\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-11c0a26e\" data-vce-do-apply=\"all el-11c0a26e\"><p>2. Set <strong>RHOSTS<\/strong> to the target IP address.<\/p><p><span style=\"color: #00ff00;\">msf6 auxiliary(scanner\/mssql\/mssql_ping) &gt; set RHOSTS 10.129.151.50<\/span><\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-d10c460e\" data-vce-do-apply=\"all el-d10c460e\"><p>3. 
Run the module to check if the MSSQL service is available:<\/p><p><span style=\"color: #00ff00;\">msf6 auxiliary(scanner\/mssql\/mssql_ping) &gt; run<\/span><\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-7c3d51df\" data-vce-do-apply=\"all el-7c3d51df\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 54.1016%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"554\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/mssql1-1-1024x555.png 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/mssql1-1-320x173.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/mssql1-1-480x260.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/mssql1-1-800x433.png 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/mssql1-1-1024x555.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/mssql1-1.png\" data-attachment-id=\"1176\"  alt=\"\" title=\"mssql1\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-2cc8b0c1\" data-vce-do-apply=\"all 
el-2cc8b0c1\"><p><strong>4. Install Impacket (if not already installed)<\/strong>:<\/p><p><span style=\"color: #00ff00;\">git clone https:\/\/github.com\/SecureAuthCorp\/impacket.git<\/span><\/p><p><span style=\"color: #00ff00;\">cd impacket<\/span><\/p><p><span style=\"color: #00ff00;\">sudo python3 setup.py install<\/span><\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-555657ae\" data-vce-do-apply=\"all el-555657ae\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 36.3281%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"372\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/git-1024x372.png 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/git-320x116.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/git-480x174.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/git-800x291.png 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/git-1024x372.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/git.png\" data-attachment-id=\"1177\"  alt=\"\" title=\"git\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-25d796d3\" data-vce-do-apply=\"all el-25d796d3\"><p>5. 
Run <span style=\"color: #00ff00;\">mssqlclient.py<\/span> with Windows Authentication.<\/p><p><span style=\"color: #00ff00;\">python3 \/path\/to\/impacket\/examples\/mssqlclient.py backdoor:Password1@10.129.151.50 -windows-auth<\/span><\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-0f35b75c\" data-vce-do-apply=\"all el-0f35b75c\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 21.9727%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"225\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/impacket2-1024x225.png 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/impacket2-320x70.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/impacket2-480x106.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/impacket2-800x176.png 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/impacket2-1024x225.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/impacket2.png\" data-attachment-id=\"1178\"  alt=\"\" title=\"impacket2\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-f0f909a5\" data-vce-do-apply=\"all el-f0f909a5\"><p>6. 
Retrieve the names of all databases on the SQL Server<\/p><p><span style=\"color: #00ff00;\">SQL&gt; SELECT name FROM sys.databases;<\/span><\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-ce7cd22b\" data-vce-do-apply=\"all el-ce7cd22b\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 24.1211%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"247\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/SQL1-1024x248.png 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/SQL1-320x77.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/SQL1-480x116.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/SQL1-800x194.png 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/SQL1-1024x248.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/SQL1.png\" data-attachment-id=\"1179\"  alt=\"\" title=\"SQL1\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce vce-separator-container vce-separator--align-center vce-separator--style-solid\" id=\"el-33059395\" data-vce-do-apply=\"margin el-33059395\"><div class=\"vce-separator vce-separator--color-bfc0c1 vce-separator--width-60 vce-separator--thickness-1\" data-vce-do-apply=\"border padding background  el-33059395\"><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>(Insights from HTB Academy)Microsoft SQL (MSSQL) is Microsoft&#8217;s SQL-based relational database system, widely used on Windows, especially with .NET applications.Security and Footprinting: Vulnerabilities arise from weak credentials, lack of encryption, and self-signed certificates. 
For security assessments, tools like Nmap and Metasploit (mssql_ping) provide valuable information about server configurations. Impacket\u2019s mssqlclient.py enables direct interaction with the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2018,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","site-transparent-header":"default","prose-style":"enable","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[17],"tags":[],"class_list":["post-1174","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-footprinting"],"_links":{"self":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/1174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/comments?post=1174"}],"version-history":[{"count":8,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/1174\/revisions"}],"predecessor-version":[{"id":2070,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/1174\/revisions\/2070"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/media\/2018"}],"wp:attachment":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/media?parent=1174"}],"wp:term":[{"taxonomy":"
category","embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/categories?post=1174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/tags?post=1174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}