msdat v2.2 releases: Microsoft SQL Database Attacking Tool
MSDAT (Microsoft SQL Database Attacking Tool) is an open-source penetration testing tool that tests the security of Microsoft SQL Databases remotely.
Usage examples of MSDAT:
- You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the database
- You have a valid Microsoft SQL account on a database and you want to escalate your privileges
- You have a valid Microsoft SQL account and you want to execute commands on the operating system hosting this DB (xp_cmdshell)
Tested on Microsoft SQL database 2008 and 2012.
Thanks to MSDAT (Microsoft SQL Database Attacking Tool), you can:
- get technical information (e.g. database version) about an MSSQL database without being authenticated
- search for MSSQL accounts with a dictionary attack
- test each login as password (authentication required)
- get a Windows shell on the database server with
- download files remotely with:
  - OLE Automation
- upload files on the server with:
  - OLE Automation
- capture an SMB authentication thanks to:
- steal MSSQL hashed passwords, on any MSSQL version
- scan ports through the database:
- execute SQL requests on a remote MSSQL server through the database (target) with:
- list files/directories with:
- list drives/medias with:
- create folder with:
- --nmap-file and -l can now be used in all modules and in the passwordguesser module. You can give a list of targets with -l or an nmap file with --nmap-file.
- Multiple bug fixes
Some dependencies must be installed in order to run MSDAT.
sudo apt-get install freetds-dev
sudo pip install cython colorlog termcolor pymssql argparse
sudo pip install argcomplete && sudo activate-global-python-argcomplete
Add "use ntlmv2 = yes" to your freetds configuration file (e.g. /etc/freetds/freetds.conf or /usr/local/etc/freetds.conf). Example:
Clone the repo
git clone https://github.com/quentinhardy/msdat.git
- You can list all modules:
- When you have chosen a module (example: all), you can use it and you can list all features and options of the module:
./msdat.py all -h
You can check whether a specific module can be used on an MSSQL server with the --test-module option. This option is implemented in each MSDAT module.
Copyright (C) 2018 quentinhardy