← 返回命令列表

Linux command

nxc-mssql 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Test MSSQL credentials against a target

nxc mssql [192.168.1.100] -u [user] -p [password]

Authenticate using local authentication instead of Windows auth

nxc mssql [target] -u [sa] -p [password] --local-auth

Execute a SQL query

nxc mssql [target] -u [sa] -p [password] -q "[SELECT @@version]"

Execute an OS command via xp_cmdshell

nxc mssql [target] -u [sa] -p [password] -x "[whoami]"

Check for privilege escalation paths

nxc mssql [target] -u [user] -p [password] -M mssql_priv

Attempt privilege escalation to sysadmin

nxc mssql [target] -u [user] -p [password] -M mssql_priv -o ACTION=privesc

说明

nxc mssql is the Microsoft SQL Server protocol module of NetExec (formerly CrackMapExec). It tests credentials, executes SQL queries, runs OS commands, and supports privilege escalation against MSSQL targets. The tool supports Windows (NTLM/Kerberos) and local SQL Server authentication. It can spray credentials across multiple targets, execute queries, and use modules like mssql_priv to check for and exploit privilege escalation paths.

参数

-u _user_
Username for authentication.
-p _pass_
Password for authentication.
-q _query_
Execute a SQL query on the target.
-x _cmd_
Execute an OS command via xp_cmdshell.
--local-auth
Use local authentication instead of Windows domain authentication.
--port _port_
MSSQL port (default: 1433).
-M _module_
Run a specific module (e.g., mssql_priv).
-o _KEY=VALUE_
Module options (e.g., ACTION=privesc).
--put-file _src_ _dst_
Upload a file to the target system.
--get-file _src_ _dst_
Download a file from the target system.

FAQ

What is the nxc-mssql command used for?

nxc mssql is the Microsoft SQL Server protocol module of NetExec (formerly CrackMapExec). It tests credentials, executes SQL queries, runs OS commands, and supports privilege escalation against MSSQL targets. The tool supports Windows (NTLM/Kerberos) and local SQL Server authentication. It can spray credentials across multiple targets, execute queries, and use modules like mssql_priv to check for and exploit privilege escalation paths.

How do I run a basic nxc-mssql example?

Run `nxc mssql [192.168.1.100] -u [user] -p [password]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -u _user_ do in nxc-mssql?

Username for authentication.