
Brute MSSqlPwner - An Advanced And Versatile Pentesting Tool

Xhiu


Contribute to ScorpionesLabs/MSSqlPwner development by creating an account on GitHub.
  • Command Execution: Execute commands using the following functions:
      • xp_cmdshell on local server or on linked servers
      • sp_oacreate (Ole Automation Procedures) on local server or on linked servers
  • NTLM Hash Stealing and Relay: Issue NTLM relay or steal NTLM hashes using the following functions:
      • xp_dirtree on local server or on linked servers
      • xp_subdirs on local server or on linked servers
      • xp_fileexist on local server or on linked servers
  • Encapsulated Commands and Queries: Execute encapsulated commands or queries using the following options:
      • execute_command on local server or on linked servers
      • run_query on local server or on linked servers
      • run_query_system_service on local server or on linked servers as system user
  • Direct Queries
      • direct_query - execute direct queries on local or linked servers as system user.
Lateral Movement and Chain Exploration:
MSSqlPwner provides opportunities for lateral movement assessments and exploration of linked servers. In scenarios where the current session lacks administrative privileges, the tool attempts to find a chain that escalates its own privileges via linked servers. If a session on a linked server has higher privileges, the tool can interact with the linked server and perform a linked query back to the host with elevated privileges, enabling lateral movement with the target server.
Authentication Methods:
Supported by multiple authentication methods, including:
  • Windows credentials
  • MSSQL credentials
  • Kerberos authentication
  • Kerberos tickets
  • NTLM Hashes
The tool adapts to various scenarios and environments, verifying the effectiveness of authentication mechanisms.
Take your MSSQL environment assessments to the next level with the power and versatility of MSSqlPwner. Discover new possibilities for lateral movement, stealthy querying, and precise security evaluations with the MSSqlPwner tool.
Installation
git clone
You must upgrade your account or reply in the thread to view hidden text.
cd MSSqlPwner
pip3 install -r requirements.txt
python3 MSSqlPwner.py
Usage
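
For defenders auditing the linked-server chains described under "Lateral Movement and Chain Exploration", the following is an added example, not part of the original post or of MSSqlPwner's code. It searches an exported inventory of linked-server login mappings for chains that end in a sysadmin context; the instance names, logins and inventory layout are constructed assumptions.

```python
from collections import deque

# Constructed inventory (not from the page): one row per linked-server login
# mapping, as an auditor might export from sys.servers and sys.linked_logins.
# (source instance, local login or None = any login, target instance, remote login)
LINKS = [
    ("SQL-WEB", None, "SQL-APP", "app_reader"),
    ("SQL-APP", "app_reader", "SQL-DWH", "etl_sa"),
    ("SQL-APP", "app_reader", "SQL-HR", "hr_reader"),
    ("SQL-DWH", "etl_sa", "SQL-WEB", "sa"),
]
# Constructed: (instance, login) contexts that hold the sysadmin role.
SYSADMINS = {("SQL-DWH", "etl_sa"), ("SQL-WEB", "sa")}


def escalation_chains(start, links=LINKS, sysadmins=SYSADMINS, max_hops=5):
    """Breadth-first search for loop-free link chains from `start`, an
    (instance, login) pair, to any sysadmin context."""
    found, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        inst, login = path[-1]
        if len(path) > 1 and (inst, login) in sysadmins:
            found.append(path)
        if len(path) - 1 >= max_hops:
            continue
        for src, local, dst, remote in links:
            if src == inst and local in (None, login) and (dst, remote) not in path:
                queue.append(path + [(dst, remote)])
    return found


def returns_to_origin(chain):
    """True when the chain ends on the instance it started from, i.e. the
    'linked query back to the host' case."""
    return chain[-1][0] == chain[0][0]


def mappings_to_review(chains):
    """Final hop of each chain: the login mapping that grants sysadmin."""
    return sorted({(c[-2][0], c[-1][0], c[-1][1]) for c in chains})


if __name__ == "__main__":
    for chain in escalation_chains(("SQL-WEB", "web_user")):
        hops = " -> ".join(f"{i}/{l}" for i, l in chain)
        print(hops, "(back to origin)" if returns_to_origin(chain) else "")
```

The mappings returned by mappings_to_review are the ones to remap to a least-privileged remote login or remove.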
 
