MSSQL uses ports TCP/1433 and UDP/1434, and MySQL uses TCP/3306.
However, when MSSQL operates in a "hidden" mode, it uses the TCP/2433 port.
#MySQL
mysql -u julio -pPassword123 -h 10.129.20.13
#Sqlcmd
sqlcmd -S SRVMSSQL -U julio -P 'MyPassword!' -y 30 -Y 30
#Targetting MSSQL from Linux, we can use sqsh as an alternative to sqlcmd
sqsh -S 10.129.203.7 -U julio -P 'MyPassword!' -h
#IMpacket tool mssqlclient.py
mssqlclient.py -p 1433 julio@10.129.203.7
<aside> 💡
When we authenticate to MSSQL using sqlcmd we can use the parameters -y (SQLCMDMAXVARTYPEWIDTH) and -Y (SQLCMDMAXFIXEDTYPEWIDTH) for better looking output.
</aside>
When using Windows Authentication, we need to specify the domain name or the hostname of the target machine. If we don't specify a domain or hostname, it will assume SQL Authentication and authenticate against the users created in the SQL Server. Instead, if we define the domain or hostname, it will use Windows Authentication. If we are targetting a local account, we can use SERVERNAME\\\\accountname or .\\\\accountname.
sqsh -S 10.129.203.7 -U .\\\\julio -P 'MyPassword!' -h
MySQL default system schemas/databases:
mysql - is the system database that contains tables that store information required by the MySQL serverinformation_schema - provides access to database metadataperformance_schema - is a feature for monitoring MySQL Server execution at a low levelsys - a set of objects that helps DBAs and developers interpret data collected by the Performance SchemaMSSQL default system schemas/databases:
master - keeps the information for an instance of SQL Server.msdb - used by SQL Server Agent.model - a template database copied for each new database.resource - a read-only database that keeps system objects visible in every database on the server in sys schema.tempdb - keeps temporary objects for SQL queries.