MSSQL Penetration Testing Using Python



```bash
curl | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc

#Download appropriate package for the OS version
#Choose only ONE of the following, corresponding to your OS version

#Debian 9
curl | sudo tee /etc/apt/sources.list.d/mssql-release.list

#Debian 10
curl | sudo tee /etc/apt/sources.list.d/mssql-release.list

#Debian 11
curl | sudo tee /etc/apt/sources.list.d/mssql-release.list

#Debian 12
curl | sudo tee /etc/apt/sources.list.d/mssql-release.list

sudo apt-get update
sudo ACCEPT_EULA=Y apt-get install -y msodbcsql18
# optional: for bcp and sqlcmd
sudo ACCEPT_EULA=Y apt-get install -y mssql-tools18
echo 'export PATH="$PATH:/opt/mssql-tools18/bin"' >> ~/.bashrc
echo 'export PATH="$PATH:/opt/microsoft/msodbcsql18/lib64"' >> ~/.bashrc
source ~/.bashrc
# optional: for unixODBC development headers
sudo apt-get install -y unixodbc-dev
# optional: kerberos library for debian-slim distributions
sudo apt-get install -y libgssapi-krb5-2
```

Troubleshooting in Case of Errors

```
odbcinst -j
unixODBC 2.3.12
DRIVERS............: /etc/odbcinst.ini
SYSTEM DATA SOURCES: /etc/odbc.ini
FILE DATA SOURCES..: /etc/ODBCDataSources
USER DATA SOURCES..: /root/.odbc.ini
SQLULEN Size.......: 8
SQLLEN Size........: 8
SQLSETPOSIROW Size.: 8
```

```bash
export PATH="$PATH:/opt/microsoft/msodbcsql18/lib64"
```

/etc/odbcinst.ini contents

```
[ODBC Driver 18 for SQL Server]
Description=Microsoft ODBC Driver 18 for SQL Server
Driver=/opt/microsoft/msodbcsql18/lib64/
UsageCount=1
```

The Driver entry points to the correct location of the ODBC driver library within the /opt/microsoft/msodbcsql18/lib64/ directory. Now, since the driver is correctly defined, you can set the LD_LIBRARY_PATH in your script or environment:

```bash
export LD_LIBRARY_PATH=/opt/microsoft/msodbcsql18/lib64:$LD_LIBRARY_
```

Microsoft have written and distributed multiple ODBC drivers, compatible with different versions of SQL Server:

{SQL Server} - released with SQL Server 2000
{SQL Native Client} - released with SQL Server 2005 (also known as version 9.0)
{SQL Server Native Client 10.0} - released with SQL Server 2008
{SQL Server Native Client 11.0} - released with SQL Server 2012
{ODBC Driver 11 for SQL Server} - supports SQL Server 2005 through 2014
{ODBC Driver 13 for SQL Server} - supports SQL Server 2008 through 2016
{ODBC Driver 13.1 for SQL Server} - supports SQL Server 2008 through 2017
{ODBC Driver 17 for SQL Server} - supports SQL Server 2008 through 2022 (depending on minor version)
{ODBC Driver 18 for SQL Server} - supports SQL Server 2012 through 2022 (depending on minor version)

The drivers can be downloaded from here 
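
A quick way to verify the driver registration described above before calling pyodbc.connect, as an added example that is not from the original post: it parses odbcinst.ini, checks that each Driver entry points at a real library file, and picks the newest usable "ODBC Driver N for SQL Server". The function names, the sample odbcinst.ini and the temporary file paths are constructed for illustration.

```python
import configparser
import os
import re
import tempfile

def check_odbc_drivers(odbcinst_path="/etc/odbcinst.ini"):
    """Map each registered driver name to (library path, status)."""
    ini = configparser.ConfigParser(interpolation=None, strict=False)
    ini.read(odbcinst_path)
    report = {}
    for name in ini.sections():
        lib = ini.get(name, "Driver", fallback="").strip()
        if not lib:
            status = "no Driver entry"
        elif os.path.isdir(lib):
            status = "Driver is a directory, not a library file"
        elif not os.path.isfile(lib):
            status = "library file not found"
        else:
            status = "ok"
        report[name] = (lib, status)
    return report

def newest_usable_driver(report):
    """Pick the highest 'ODBC Driver N for SQL Server' whose library exists."""
    best = None
    for name, (_, status) in report.items():
        m = re.fullmatch(r"ODBC Driver (\d+)(?:\.(\d+))? for SQL Server", name)
        if m and status == "ok":
            version = (int(m.group(1)), int(m.group(2) or 0))
            if best is None or version > best[0]:
                best = (version, name)
    return best[1] if best else None

def demo():
    """Run both checks against a constructed odbcinst.ini in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        lib17 = os.path.join(tmp, "libmsodbcsql-17.so")  # constructed file name
        open(lib17, "w").close()
        ini_path = os.path.join(tmp, "odbcinst.ini")
        with open(ini_path, "w") as f:
            f.write(f"[ODBC Driver 18 for SQL Server]\nDriver={tmp}/\nUsageCount=1\n"
                    f"[ODBC Driver 17 for SQL Server]\nDriver={lib17}\n"
                    f"[ODBC Driver 13 for SQL Server]\nDriver={tmp}/gone.so\n")
        report = check_odbc_drivers(ini_path)
        return report, newest_usable_driver(report)

if __name__ == "__main__":
    report, chosen = demo()
    for name, (lib, status) in report.items():
        print(f"{name}: {status}")
    print("use:", chosen)
```

On a real host, call check_odbc_drivers() with no argument to read /etc/odbcinst.ini, the file that odbcinst -j reports under DRIVERS.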

MSSQL Server Connection using Python

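```python
import pyodbc

# Connect to the master database using Windows integrated authentication
cnxn = pyodbc.connect("Driver={ODBC Driver 18 for SQL Server};"
                      "Server=;"
                      "Database=master;"
                      "Trusted_Connection=yes;"
                      "sslVerify=0;")
cursor = cnxn.cursor()

# Query the server version banner and print each returned row
cursor.execute('SELECT @@version')
for row in cursor:
    print('row = %r' % (row,))
```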

Executing Commands on MSSQL Server Without Authentication using Python

```python
import pyodbc


def get_sql_server_version(server, port):
    connection = None
    try:
        # f-string so that server and port are substituted into the connection string
        connection_string = f"DRIVER=ODBC Driver 18 for SQL Server;SERVER={server},{port};DATABASE=master;Trusted_Connection=yes;sslVerify=0;"
        connection = pyodbc.connect(connection_string)
        cursor = connection.cursor()

        # Execute a query to retrieve version information
        cursor.execute("SELECT @@version")
        row = cursor.fetchone()
        if row:
            return row[0]
    except Exception as e:
        print(f"Error connecting to SQL Server: {e}")
    finally:
        # Always release the connection, even after an error
        if connection:
            connection.close()
    return None


# Example usage
server = ""
port = 1433  # Default SQL Server port
version = get_sql_server_version(server, port)
if version:
    print(f"SQL Server version: {version}")
else:
    print("Unable to retrieve version information.")
```

Bhanu Namikaze
