MSSQL介绍

Microsoft SQL Server(MSSQL Server)是微软开发的一款专有 relational database management system (RDMS)。他可以与 Active Directory 和.NET 的紧密集成

MSSQL使用的是其自有的语言,叫做Transact-SQL (T-SQL)

1. 连接MSSQL

1.1. impacket-mssqlclient

Linux上常用

1.2. SSMS

Microsoft SQL Server Management Studio (SSMS)sqlcmd是微软开放的官方工具
Pasted image 20260314171831.png
查询操作
Pasted image 20260314171847.png

常见枚举
枚举登录名及其服务器级角色

SELECT r.name, r.type_desc, r.is_disabled, sl.sysadmin, sl.securityadmin, sl.serveradmin, sl.setupadmin, sl.processadmin, sl.diskadmin, sl.dbcreator, sl.bulkadmin
FROM master.sys.server_principals r
LEFT JOIN master.sys.syslogins sl ON sl.sid = r.sid
WHERE r.type IN ('S','E','X','U','G');

枚举数据库、所有者和可信关系

SELECT a.name AS 'database', b.name AS 'owner', is_trustworthy_on
FROM sys.databases a
JOIN sys.server_principals b ON a.owner_sid = b.sid;

Pasted image 20260315013335.png
枚举数据库用户

USE webshop;
EXECUTE sp_helpuser;

Pasted image 20260315013231.png