A Windows machine and a target machine running an MSSQL service are provided to you.
Your task is to fingerprint the service using the tools available on the Windows machine, then run SQLCMD to enumerate the MSSQL service on the Windows target machine.
- Identify MSSQL Database Server
- Discover high-privileged users
- Discover all databases
- Identify xp_cmdshell configuration
- Discover SQL user hashes
The following username and password may be used to access the service:
- Your Kali machine has an interface with IP address 10.10.X.Y. Run “ip addr” to know the values of X and Y.
- The IP address of the target machine is mentioned in the file “/root/Desktop/target”
- Do not attack the gateways located at IP addresses 192.V.W.1 and 10.10.X.1
1. Is xp_cmdshell enabled or disabled?
- Using automated scanners
- Using brute force attacks
- Denial of Service attacks
- Attacking the lab infrastructure
Users violating the above will be either temporarily or permanently banned from the website.
Technical Support for this Lab:
We currently provide technical support limited to:
- Giving hints for a lab exercise
- A lab exercise fails to load or has errors in it