SQL Server is common service when exposed to the outer world.
Requires: With valid credentials commands can be executed on the victim
Identifying Passwords
# from tally htbSERVER=TALLY,1433;DATABASE=orcharddb;UID=sa;PWD=GWE3V65#6KFH93@4GWTG2G;# example formatPROVIDER=DNOSCPDB;DATASOURCE=HOME;UserID=sa;PWD=cyb3rs3cn00b;DATABASE=rfdb
Connecting to server
# sqsh -S $ip -U sa -P $passsqsh-S10.10.10.59-Usa-P"GWE3V65#6KFH93@4GWTG2G"# via mysqlclientimpacket-mssqlclient -db orcharddb -windows-auth <DOMAIN>/<USERNAME>:<PASSWORD>@<IP> #Recommended -windows-auth when you are going to use a domain. use as domain the netBIOS name of the machine