byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License

MSSQL connection without SMB? #306

Closed (stealthsploit closed 4 years ago)

stealthsploit commented 5 years ago

Hi,

Is it possible to make a direct MSSQL connection to execute queries without SMB access to the host? The --mssql mode stops working if access to 445 is blocked, and I didn't know if there was something I was missing, as this would rule out any DB work where only the MSSQL port was exposed.

Many thanks in advance.

byt3bl33d3r commented 4 years ago

This was a design decision, as making a direct MSSQL connection wouldn't really return any useful info about the host. You can modify the code so that it doesn't make an SMB connection pretty easily. PRs are welcome :)

mpgn commented 4 years ago

Check the updated wiki: https://github.com/byt3bl33d3r/CrackMapExec/wiki/MSSQL-Command-Reference#1-windows-auth