-
Notifications
You must be signed in to change notification settings - Fork 115
1. Enumeration
Sanjiv Kawa edited this page Jul 2, 2024
·
2 revisions
Enumeration modules do not require authentication.
Execute against a single host
SQLRecon.exe /e:info /h:SQL01
Expected Output:
| Object | Value |
| ------------- | ----------- |
| Server Name | SQL01 |
| Instance Name | SQLEXPRESS |
| Is Clustered? | No |
| Version | 16.0.1000.6 |
| TCP Port | 1433 |
Execute against multiple hosts with optional arguments
SQLRecon.exe /enum:info /host:172.16.10.101,SQL02 /port:1434 /timeout:1
Expected Output:
[*] (1/2) Executing the 'info' enumeration module on 172.16.10.101
| Object | Value |
| ------------- | ----------- |
| Server Name | SQL01 |
| Instance Name | SQLEXPRESS |
| Is Clustered? | No |
| Version | 16.0.1000.6 |
| TCP Port | 1433 |
[*] (2/2) Executing the 'info' enumeration module on SQL02
| Object | Value |
| ------------- | ----------- |
| Server Name | SQL02 |
| Instance Name | MSSQLSERVER |
| Is Clustered? | No |
| Version | 16.0.1000.6 |
| TCP Port | 1433 |
Enumerate current domain for MS SQL SPNs
SQLRecon.exe /enum:sqlspns
Expected Output:
[*] Looking for MSSQL SPNs ...
[*] 3 found.
| SPN Objects | Value |
| ------------- | ---------------------------------------------- |
| Computer Name | SCCM01.kawalabs.local |
| IP Address | 172.16.10.103 |
| Instance | SCCM01.kawalabs.local:1433 |
| Account SID | S-1-5-21-3113994310-608060616-2731373765-11604 |
| Account Name | mssccm_svc |
| Account CN | Microsoft SCCM Service |
| Service | MSSQLSvc |
| SPN | MSSQLSvc/SCCM01.kawalabs.local:1433 |
| Last Logon | 7/1/0424 2:06:14 PM |
| SPN Objects | Value |
| ------------- | ---------------------------------------------- |
| Computer Name | SCCM01.kawalabs.local |
| IP Address | 172.16.10.103 |
| Instance | SCCM01.kawalabs.local |
| Account SID | S-1-5-21-3113994310-608060616-2731373765-11604 |
| Account Name | mssccm_svc |
| Account CN | Microsoft SCCM Service |
| Service | MSSQLSvc |
| SPN | MSSQLSvc/SCCM01.kawalabs.local |
| Last Logon | 7/1/0424 2:06:14 PM |
| SPN Objects | Value |
| ------------- | ---------------------------------------------- |
| Computer Name | sql02.kawalabs.local |
| IP Address | 172.16.10.102 |
| Instance | sql02.kawalabs.local:1433 |
| Account SID | S-1-5-21-3113994310-608060616-2731373765-11320 |
| Account Name | mssql_svc |
| Account CN | Microsoft SQL Service |
| Service | MSSQLSvc |
| SPN | MSSQLSvc/sql02.kawalabs.local:1433 |
| Last Logon | 6/28/0424 11:55:37 PM |
Enumerate another domain for MS SQL SPNs
SQLRecon.exe /enum:sqlspns /domain:kawalabs.local
Expected Output:
[*] Looking for MSSQL SPNs ...
[*] 3 found.
| SPN Objects | Value |
| ------------- | ---------------------------------------------- |
| Computer Name | SCCM01.kawalabs.local |
| IP Address | 172.16.10.103 |
| Instance | SCCM01.kawalabs.local:1433 |
| Account SID | S-1-5-21-3113994310-608060616-2731373765-11604 |
| Account Name | mssccm_svc |
| Account CN | Microsoft SCCM Service |
| Service | MSSQLSvc |
| SPN | MSSQLSvc/SCCM01.kawalabs.local:1433 |
| Last Logon | 7/1/0424 2:06:14 PM |
| SPN Objects | Value |
| ------------- | ---------------------------------------------- |
| Computer Name | SCCM01.kawalabs.local |
| IP Address | 172.16.10.103 |
| Instance | SCCM01.kawalabs.local |
| Account SID | S-1-5-21-3113994310-608060616-2731373765-11604 |
| Account Name | mssccm_svc |
| Account CN | Microsoft SCCM Service |
| Service | MSSQLSvc |
| SPN | MSSQLSvc/SCCM01.kawalabs.local |
| Last Logon | 7/1/0424 2:06:14 PM |
| SPN Objects | Value |
| ------------- | ---------------------------------------------- |
| Computer Name | sql02.kawalabs.local |
| IP Address | 172.16.10.102 |
| Instance | sql02.kawalabs.local:1433 |
| Account SID | S-1-5-21-3113994310-608060616-2731373765-11320 |
| Account Name | mssql_svc |
| Account CN | Microsoft SQL Service |
| Service | MSSQLSvc |
| SPN | MSSQLSvc/sql02.kawalabs.local:1433 |
| Last Logon | 6/28/0424 11:55:37 PM |