MSSQL Penetration Testing Using Python
2024-2-5 23:5:0 Author: www.hackingdream.net(查看原文) 阅读量:16 收藏 
Installation 
curl https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc

#Download appropriate package for the OS version
#Choose only ONE of the following, corresponding to your OS version

#Debian 9
curl https://packages.microsoft.com/config/debian/9/prod.list | sudo tee /etc/apt/sources.list.d/mssql-release.list

#Debian 10
curl https://packages.microsoft.com/config/debian/10/prod.list | sudo tee /etc/apt/sources.list.d/mssql-release.list

#Debian 11
curl https://packages.microsoft.com/config/debian/11/prod.list | sudo tee /etc/apt/sources.list.d/mssql-release.list

#Debian 12
curl https://packages.microsoft.com/config/debian/12/prod.list | sudo tee /etc/apt/sources.list.d/mssql-release.list

sudo apt-get update
sudo ACCEPT_EULA=Y apt-get install -y msodbcsql18
# optional: for bcp and sqlcmd
sudo ACCEPT_EULA=Y apt-get install -y mssql-tools18
echo 'export PATH="$PATH:/opt/mssql-tools18/bin"' >> ~/.bashrc
echo 'export PATH="$PATH:/opt/microsoft/msodbcsql18/lib64"' >> ~/.bashrc
source ~/.bashrc
# optional: for unixODBC development headers
sudo apt-get install -y unixodbc-dev
# optional: kerberos library for debian-slim distributions
sudo apt-get install -y libgssapi-krb5-2

Troubleshooting Incase of Errors
odbcinst -j
unixODBC 2.3.12
DRIVERS............: /etc/odbcinst.ini
SYSTEM DATA SOURCES: /etc/odbc.ini
FILE DATA SOURCES..: /etc/ODBCDataSources
USER DATA SOURCES..: /root/.odbc.ini
SQLULEN Size.......: 8
SQLLEN Size........: 8
SQLSETPOSIROW Size.: 8

export PATH="$PATH:/opt/microsoft/msodbcsql18/lib64"

/etc/odbcinst.ini contents

[ODBC Driver 18 for SQL Server]
Description=Microsoft ODBC Driver 18 for SQL Server
Driver=/opt/microsoft/msodbcsql18/lib64/libmsodbcsql-18.3.so.2.1
UsageCount=1

The Driver entry points to the correct location of the ODBC driver library (libmsodbcsql-18.3.so.2.1) within the /opt/microsoft/msodbcsql18/lib64/ directory.

Now, since the driver is correctly defined, you can set the LD_LIBRARY_PATH in your script or environment,
export LD_LIBRARY_PATH=/opt/microsoft/msodbcsql18/lib64:$LD_LIBRARY_

Microsoft have written and distributed multiple ODBC drivers, compatible with different versions of SQL Server:

{SQL Server} - released with SQL Server 2000
{SQL Native Client} - released with SQL Server 2005 (also known as version 9.0)
{SQL Server Native Client 10.0} - released with SQL Server 2008
{SQL Server Native Client 11.0} - released with SQL Server 2012
{ODBC Driver 11 for SQL Server} - supports SQL Server 2005 through 2014
{ODBC Driver 13 for SQL Server} - supports SQL Server 2008 through 2016
{ODBC Driver 13.1 for SQL Server} - supports SQL Server 2008 through 2017
{ODBC Driver 17 for SQL Server} - supports SQL Server 2008 through 2022 (depending on minor version)
{ODBC Driver 18 for SQL Server} - supports SQL Server 2012 through 2022 (depending on minor version)

The drivers can be downloaded from here 
MSSQL Server Connection using Python

import pyodbc
cnxn = pyodbc.connect("Driver={ODBC Driver 18 for SQL Server};"
                      "Server=10.10.10.10;"
                      "Database=master;"
                      "Trusted_Connection=yes;"
                      "sslVerify=0;")

cursor = cnxn.cursor()
cursor.execute('SELECT @@version')

for row in cursor:
    print('row = %r' % (row,))

Executing Commands on MSSQL Server Without Authentication using Python

import pyodbc

def get_sql_server_version(server, port):
    connection = None
    try:
        connection_string = "DRIVER=ODBC Driver 18 for SQL Server;SERVER={server},{port};DATABASE=master;Trusted_Connection=yes;sslVerify=0;"
        connection = pyodbc.connect(connection_string)
        cursor = connection.cursor()

        # Execute a query to retrieve version information
        cursor.execute("SELECT @@version")
        row = cursor.fetchone()

        if row:
            return row[0]

    except Exception as e:
        print(f"Error connecting to SQL Server: {e}")

    finally:
        if connection:
            connection.close()

    return None

# Example usage
server = "10.10.10.10"
port = 1433  # Default SQL Server port
version = get_sql_server_version(server, port)

if version:
    print(f"SQL Server version: {version}")
else:
    print("Unable to retrieve version information.")

文章来源: https://www.hackingdream.net/2024/02/mssql-penetration-testing-using-python.html
如有侵权请联系:admin#unsafe.sh