impacket-mssqlclient
Interact with Microsoft SQL Server databases
TLDR
View documentation for the original command
SYNOPSIS
impacket-mssqlclient target [options]
PARAMETERS
-debug
Turn DEBUG output ON
-hashes LMhash:NThash
NTLM hashes, format is LMhash:NThash
-no-pass
Don't ask for password (useful for -k)
-k
Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME environment variable)
-aesKey hex key
AES key to use for Kerberos Authentication (128 or 256 bits)
-dc-ip ip address
IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter
-query query
Execute the specified SQL query
-file filename
Execute SQL queries from the specified file
-port port
Destination port to connect to (default 1433)
-db database_name
Database to use
DESCRIPTION
impacket-mssqlclient is a Python script from the Impacket library that lets you interact with Microsoft SQL Server (MSSQL) instances over the Tabular Data Stream (TDS) protocol. It provides a command-line interface for executing SQL queries, retrieving data, and performing other database operations. It is particularly useful for penetration testing and security auditing because it can authenticate with a password hash or a Kerberos ticket as well as a password, so access can be tested in situations where the usual password-based login is not available.
The script supports different authentication mechanisms such as username/password, NTLM hash, Kerberos authentication (including AS-REQ Roasting and AS-REP Roasting), and can execute operating system commands if the user has sufficient privileges on the MSSQL server (via xp_cmdshell or similar). impacket-mssqlclient is a powerful tool for interacting with MSSQL servers in various security contexts.
CAVEATS
Requires the Impacket library to be installed. The user account specified must have the necessary permissions on the MSSQL server to perform the desired actions. Some features, like command execution, require specific configurations and privileges on the MSSQL server.
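Because command execution depends on xp_cmdshell (or a similar option) being switched on, a defender can watch the SQL Server error log for the configuration-change message that sp_configure writes. The script below is an added example, not part of Impacket or of the original page; the log lines are constructed samples and the list of watched options is an assumption chosen for illustration.

```python
import re
from datetime import datetime

# Constructed ERRORLOG-style lines (not taken from a real host).
SAMPLE_ERRORLOG = """\
2024-03-11 09:13:58.20 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2024-03-11 09:14:01.10 spid55      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-03-11 09:14:02.51 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-03-11 10:30:00.00 spid61      Configuration option 'max degree of parallelism' changed from 0 to 4. Run the RECONFIGURE statement to install.
2024-03-11 11:02:17.33 spid55      Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
2024-03-11 11:40:09.07 spid70      Configuration option 'clr enabled' changed from 0 to 1. Run the RECONFIGURE statement to install.
"""

# Assumed watch list: server options that allow code or OS command execution.
WATCHED = {"xp_cmdshell", "ole automation procedures",
           "clr enabled", "external scripts enabled"}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2})\s+(?P<src>\S+)\s+"
    r"Configuration option '(?P<opt>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)\."
)

def exec_option_windows(log_text):
    """Return one record per period in which a watched option was switched on.

    The message is written when sp_configure is called, so each record marks
    when the change was requested and which session (spid) requested it.
    """
    open_windows, results = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["opt"].lower() not in WATCHED:
            continue  # unrelated line or an option we do not track
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        opt, old, new = m["opt"].lower(), int(m["old"]), int(m["new"])
        if old == 0 and new != 0:
            rec = {"option": opt, "session": m["src"],
                   "enabled_at": ts, "disabled_at": None}
            open_windows[opt] = rec
            results.append(rec)
        elif new == 0 and opt in open_windows:
            # Close the window; a short on/off window deserves a closer look.
            open_windows.pop(opt)["disabled_at"] = ts
    return results

if __name__ == "__main__":
    for w in exec_option_windows(SAMPLE_ERRORLOG):
        print(w["option"], w["session"], w["enabled_at"], "->", w["disabled_at"] or "STILL ENABLED")
```

A record whose disabled_at is None means the option is still on and should be checked against change records for that server.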
TARGET SPECIFICATION
The target parameter should be in the format 'domain/username:password@server' or 'username:password@server'. The domain part can be omitted, except that it is required for Kerberos authentication or if the target is not in the same domain.
AUTHENTICATION METHODS
The tool supports various authentication methods: Standard (username and password), NTLM Hash (using the -hashes parameter), and Kerberos (using the -k parameter). Kerberos authentication requires a valid Kerberos ticket in the ccache file (KRB5CCNAME environment variable) or can be configured using additional Kerberos-related parameters.
HISTORY
impacket-mssqlclient is part of the Impacket collection of network protocol implementations, focusing on providing tools for security assessments and penetration testing. It was developed to enable more flexible and advanced interaction with MSSQL servers compared to standard tools, particularly in situations where traditional authentication methods are not sufficient.