MSSQL Attacks (Port 1433)

MSSQL is a popular database management system developed by Microsoft. It is widely used in enterprise environments for storing and managing data. For a pentester, understanding how vulnerabilities in MSSQL are exploited can be crucial for assessing the security of systems that rely on this database.

Enumeration using NMAP
nmap -sV -p 1433 --script ms-sql-info 10.10.10.0/24
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-12-17 21:43 EST
Nmap scan report for sevenkingdoms.local (10.10.10.10)
Host is up (0.00041s latency).

<<SNIP FOR BREVITY >>

Nmap scan report for castelblack.north.sevenkingdoms.local (10.10.10.22)
Host is up (0.0026s latency).

PORT     STATE SERVICE  VERSION
1433/tcp open  ms-sql-s Microsoft SQL Server 2019 15.00.2000.00; RTM
|_ms-sql-info: ERROR: Script execution failed (use -d to debug)

Nmap scan report for braavos.essos.local (10.10.10.23)
Host is up (0.00055s latency).

PORT     STATE SERVICE  VERSION
1433/tcp open  ms-sql-s Microsoft SQL Server 2019 15.00.2000.00; RTM
|_ms-sql-info: ERROR: Script execution failed (use -d to debug)

<<SNIP FOR BREVITY >>

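This command scans the 10.10.10.0/24 subnet for MSSQL services running on port 1433 and runs the ms-sql-info script to retrieve information about each MSSQL instance. In the output above, version detection (-sV) still identifies SQL Server 2019 (15.00.2000.00; RTM) on both hosts even though the ms-sql-info script itself failed.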
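As an added example (not part of the original page), the following Python code turns scan output like the above into a host inventory suitable for a findings report or patch-tracking list, recording the build Nmap reports and whether the ms-sql-info script failed. The function names are hypothetical and the sample is a constructed, trimmed copy of the output shown above.

```python
import re

# Constructed sample: trimmed copy of the Nmap output shown above.
SAMPLE = """\
Nmap scan report for castelblack.north.sevenkingdoms.local (10.10.10.22)
Host is up (0.0026s latency).

PORT     STATE SERVICE  VERSION
1433/tcp open  ms-sql-s Microsoft SQL Server 2019 15.00.2000.00; RTM
|_ms-sql-info: ERROR: Script execution failed (use -d to debug)

Nmap scan report for braavos.essos.local (10.10.10.23)
Host is up (0.00055s latency).

PORT     STATE SERVICE  VERSION
1433/tcp open  ms-sql-s Microsoft SQL Server 2019 15.00.2000.00; RTM
|_ms-sql-info: ERROR: Script execution failed (use -d to debug)
"""

# "Nmap scan report for name (ip)" or, without reverse DNS, "... for ip".
HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \((\S+)\)|(\S+))$")
# Open 1433 line: product text, dotted build number, optional "; LEVEL".
PORT_RE = re.compile(
    r"^1433/tcp\s+open\s+ms-sql-s\s+(.+?)\s+(\d+\.\d+\.\d+\.\d+)(?:;\s*(\S+))?$")

def parse_mssql_hosts(text):
    """Return one record per host with an open, fingerprinted 1433/tcp."""
    hosts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOST_RE.match(line):
            current = {"name": m.group(1), "ip": m.group(2) or m.group(3)}
        elif (m := PORT_RE.match(line)) and current:
            hosts.append({**current, "product": m.group(1), "build": m.group(2),
                          "level": m.group(3), "script_failed": False})
        elif "ms-sql-info: ERROR" in line and hosts and hosts[-1]["ip"] == current["ip"]:
            # -sV succeeded but the NSE script did not; re-run with -d to see why.
            hosts[-1]["script_failed"] = True
    return hosts

def rtm_hosts(hosts):
    """Hosts Nmap labels RTM (release build); confirm patch level on the server."""
    return [h for h in hosts if h["level"] == "RTM"]

if __name__ == "__main__":
    for h in parse_mssql_hosts(SAMPLE):
        print(h["ip"], h["name"], h["product"], h["build"], h["level"],
              "script failed" if h["script_failed"] else "script ok")
```

The RTM label comes from Nmap's service fingerprint, so treat it as a lead to verify against the server's actual build rather than as a confirmed patch level.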

Enumeration using NetExec
nxc mssql 10.10.10.0/24
MSSQL       10.10.10.22     1433   CASTELBLACK      [*] Windows 10 / Server 2019 Build 17763 (name:CASTELBLACK) (domain:north.sevenkingdoms.local)
MSSQL       10.10.10.23     1433   BRAAVOS          [*] Windows 10 / Server 2016 Build 14393 (name:BRAAVOS) (domain:essos.local)