# Using nmap NSE scripts
nmap -n -sV --version-intensity=5 -sT -Pn -p T:1433 --script=xxxx <IP>
# Bruteforce accounts and password against a MSSQL Server
ms-sql-brute
# Queries Microsoft SQL Server (ms-sql) instances for a list of databases, linked servers,and configuration settings.# Credentials required
ms-sql-config
# Queries the Microsoft SQL Browser service for the DAC (Dedicated AdminConnection)
ms-sql-dac
# Dumps the password hashes from an MS-SQL server in a format suitable# Credentials required
ms-sql-dump-hashes
# Attempts to authenticate to Microsoft SQL Servers using an empty password forthe sysadmin (sa) account.
ms-sql-empty-password
# Queries Microsoft SQL Server (ms-sql) instances for a list of databases a user hasaccess to.# Credentials required
ms-sql-hasdbaccess
# Attempts to determine configuration and version information for Microsoft SQLServer instances
ms-sql-info
# Runs a query against Microsoft SQL Server (ms-sql).# Credentials required.
ms-sql-query
# Queries Microsoft SQL Server (ms-sql) for a list of tables per database.# Credentials required
ms-sql-tables
# Attempts to run a command using the command shell of Microsoft SQL Server (ms-sql)# Credentials required
ms-sql-xp-cmdshell