5 writeups tagged with MSSQL
MSSQL with xp_cmdshell for initial RCE. Active Directory certificate abuse (ADCS) to impersonate Domain Admin.
MSSQL enumeration with credential discovery, followed by Active Directory privilege escalation through ACL misconfigurations.
Windows machine leveraging MSSQL linked server abuse and xp_cmdshell to gain initial foothold, then DPAPI credential decryption for escalation.
MSSQL with xp_cmdshell after credential spraying. ADCS ESC4 template modification for certificate impersonation to gain Domain Admin.
MSSQL Silver Ticket attack via SPN enumeration. Responder captures NTLMv2 hash from SQL query, certificate auth for Domain Admin.
