mssqlclient.py
Connect to and query Microsoft SQL Server
TLDR
Connect to an MSSQL server using Windows authentication
Connect using SQL server authentication
Connect using pass-the-hash authentication
Connect using Kerberos authentication (requires valid tickets)
Execute a specific SQL command upon connection
Execute multiple SQL commands from a file
Connect to a specific database instance (default is None)
Display SQL queries before execution
SYNOPSIS
mssqlclient.py [options] account@target
PARAMETERS
-debug
Turn DEBUG output ON
-ts
Adds timestamp to every line
-hashes LM:NTLM
NTLM hashes, format is LM:NTLM
-no-pass
Don't ask for password.
-k
Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME environment variable). If valid credentials cannot be found, it will use username/password.
-aesKey hex key
AES key to use for Kerberos Authentication (128 or 256 bits)
-dc-ip domain controller IP
IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in the account parameter.
-port port
Destination port to connect to (default 1433)
-database database_name
Database to connect to (default master)
-windows-auth
Use Windows Authentication (SSPI)
-file filename
Execute SQL statements from file
-codec codec
Sets the encoding (codec) used to decode the target's output (default utf-8)
-spn spn
Override the Service Principal Name
DESCRIPTION
mssqlclient.py is a Python-based command-line tool for interacting with Microsoft SQL Server databases. It provides an interface for executing SQL queries, managing database objects, and performing other administrative tasks. The tool is commonly used for penetration testing, database auditing, and general database management, especially in environments where direct access to SQL Server Management Studio (SSMS) is restricted or unavailable.
mssqlclient.py is part of the Impacket library, which implements network protocols and focuses on providing low-level programmatic access to network packets. It supports various authentication methods, including username/password, NTLM, and Kerberos. The tool allows both interactive sessions and the execution of SQL scripts from files.
By leveraging libraries like pyodbc (potentially) within its implementation, mssqlclient.py establishes connections and sends and receives data over the TDS protocol, SQL Server's proprietary network protocol. This client is particularly useful in Linux environments, where it provides functionality similar to SSMS from the command line.
CAVEATS
Requires the Impacket library to be installed. The specific Python dependencies may vary based on the authentication method and features used. Some functionalities might be limited based on user permissions within the SQL Server instance.
AUTHENTICATION METHODS
mssqlclient.py supports various authentication methods, including username/password, NTLM, Kerberos, and Windows Authentication (SSPI). The choice of authentication depends on the configuration of the SQL Server instance and the available credentials.
SCRIPT EXECUTION
The -file option allows the execution of SQL scripts, making it suitable for automated tasks and database administration. This enables the user to run a series of commands without manually typing them into the interactive shell.
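An unattended audit run combines -file with -k and -no-pass, so no password is typed or stored. The pre-flight check below is an added example, not part of Impacket or of the original page: the function name, the account, host, IP address and script name are constructed, and it uses only the -k, -no-pass, -port, -dc-ip and -file options documented above.

```python
import ipaddress
import os
import sys


def build_audit_argv(account, target, sql_file, *, env=None, port=1433, dc_ip=None):
    """Build the argv for an unattended, Kerberos-only `-file` run.

    Raises ValueError for anything that would make the job prompt, fall back
    to password authentication, or put a secret on the command line.
    """
    env = os.environ if env is None else env

    # Assumption: text after ':' in the account is treated as a password,
    # which every local user could then read from the process list.
    if not account or ":" in account or "@" in account:
        raise ValueError("account must not be empty or contain ':' or '@'")

    # -k reads the ticket cache named by KRB5CCNAME. If no valid credentials
    # are found there the tool falls back to username/password, and with
    # -no-pass there is none to use, so check the cache before starting.
    ccache = env.get("KRB5CCNAME", "")
    if ccache.startswith("FILE:"):  # MIT Kerberos cache-type prefix
        ccache = ccache[len("FILE:"):]
    if not os.path.isfile(ccache):
        raise ValueError("KRB5CCNAME does not name an existing ccache file")

    if not os.path.isfile(sql_file) or os.path.getsize(sql_file) == 0:
        raise ValueError("SQL script is missing or empty")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port must be between 1 and 65535")

    argv = ["mssqlclient.py", "-k", "-no-pass", "-port", str(int(port)),
            "-file", sql_file]
    if dc_ip is not None:
        # ipaddress raises ValueError on a malformed address
        argv += ["-dc-ip", str(ipaddress.ip_address(dc_ip))]
    return argv + [f"{account}@{target}"]


if __name__ == "__main__":
    # Constructed values; replace with the audit account, host and script.
    try:
        print(build_audit_argv("CORP.EXAMPLE/audit_svc", "sql01.corp.example",
                               "audit.sql", dc_ip="192.0.2.10"))
    except ValueError as exc:
        sys.exit(f"pre-flight failed: {exc}")
```

The returned list can be passed to subprocess.run without a shell, which keeps the script path and account from being reinterpreted by shell quoting.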
HISTORY
mssqlclient.py is developed as part of the Impacket library, which aims to provide a collection of network protocols. It is widely used in security auditing and penetration testing due to its ability to connect to SQL servers with various authentication methods, often bypassing typical security measures. Its development focuses on providing a flexible and scriptable interface for interacting with SQL Server.
SEE ALSO
sqlcmd(1)