#1
Quote:
[Image: 3171e8138293ad7d52ce40c3214cea262d2a0496_2_500x500.jpeg]

Introduction
Metasploit is an excellent framework developed by H. D. Moore. It is a free and lightweight tool for penetration testing. It is open-source and cross-platform and has a range of features. Its popularity rests primarily on the fact that it is a powerful tool for auditing security. While this is true, it also has many features that can help people protect themselves. Personally speaking, this is my go-to tool for testing as it encapsulates the exploit a pentester can ever need. Through this article, we will learn how to use Metasploit to exploit MSSQL. Therefore, we will go through every exploit Metasploit has to offer step by step, from finding the MSSQL server in the network to retrieving the sensitive information from the database and gaining control. Without any further ado, let us begin.

Contents

Introduction…
Information Gathering & Enumeration …
Locating MSSQL Server …
Password Cracking …
Retrieving MSSQL version…
MSSQL Enumeration …
SQL Users Enumeration…
Capturing MSSQL login…
Creating Database…
Dumping Database…
SchemaDump…
Hashdump…
Command Execution …
Xp_cmdshell…
MSSQl_exec …
CLR Assembly …
Privilege Escalation …
Public to Sysadmin…
Impersonation…


Hidden Content
[Image: My-Signature.gif]