Enumerate MSSQL servers with CrackMap & Impacket
CrackMapExec
Let’s try with crackmapexec

Now we could try with the user miguel.ortiz
As we can see we got an access to the database
Impacket
To enumerate and use impacket mssql, i made a modified version of the example mssqlclient.py.
You can find the version here
The install is just like what we done in part5 merge the PR on your local impacket project and relaunch install:
We connect to the mssql server with the following command :
And type help:
I added some new entries to the database : enum_db/enum_links/enum_impersonate/enum_login/enum_owner/exec_as_user/exec_as_login/use_link/show_query/mask_query
Let’s start the enumeration :
This launch the following query (roles value meaning can be show here)
We see only a basic view as we are a simple user

Last updated