Skip to content

Releases: n3rada/MSSQLand

v1.4

07 Mar 15:07
@n3rada n3rada
v1.4
1c500b5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.4 Latest
Latest

What's Changed

  • Improving procedures interactions by @Xenorf in #3
  • Return gracefully instead of using Environment.Exit by @maxbeckmann in #4
  • Log stacktrace only in debug mode by @purpl3horse in #5
  • The console output now indicates clearly to the user when the lack of Remote Procedure Call activation on remote server could cause problem.

New Contributors

Full Changelog: v1.3...v1.4

Contributors

maxbeckmann, purpl3horse, and Xenorf
Assets 3
Loading

v1.3

25 Feb 18:19
@n3rada n3rada
v1.3
This tag was signed with the committer’s verified signature.
n3rada
GPG key ID: EF66C0CD430F5DA5
Verified
Learn about vigilant mode.
035e02a
This commit was signed with the committer’s verified signature.
n3rada
GPG key ID: EF66C0CD430F5DA5
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.3

🔄 Major Enhancements

✅ Added Linked Server Mapping – MSSQLand now supports detailed MS SQL Server link mapping, displaying impersonation paths and improving visibility across multi-hop chains.

image

🐞 Bug Fixes & Improvements

✅ Avoid multiple errors during xp_cmdshell execution flow.

Full Changelog: v1.2...v1.3

Loading

v1.2

22 Feb 10:29
@n3rada n3rada
v1.2
This tag was signed with the committer’s verified signature.
n3rada
GPG key ID: EF66C0CD430F5DA5
Verified
Learn about vigilant mode.
e60956f
This commit was signed with the committer’s verified signature.
n3rada
GPG key ID: EF66C0CD430F5DA5
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.2

🔄 Major Enhancements

✅ All Actions now return object?, providing greater flexibility for developers.

/a:adsi now supports multiple modes for better ADSI exploitation:

  • list: Displays all ADSI linked servers and their mapped users.
  • self: Creates a fake ADSI server to retrieve the current user’s credentials.
  • link <SQLServer>: Targets a specific SQL Server ADSI link to retrieve linked credentials.

✅ Added ConvertListToMarkdownTable(), enabling cleaner Markdown table formatting for lists.

🐞 Bug Fixes & Improvements

✅ Resolved ADSI linked server check failures in certain conditions.
-- is now automatically removed during command parsing to prevent unnecessary errors from sliver (see #2 ).
✅ Actions that contains arguments with options now use Enum.

Full Changelog: v1.0.0...v1.2

Loading

The Only MS SQL Tool You’ll Ever Need 🚀

20 Jan 22:04
@n3rada n3rada
v1.0.0
This tag was signed with the committer’s verified signature.
n3rada
GPG key ID: EF66C0CD430F5DA5
Verified
Learn about vigilant mode.
49e6b73
This commit was signed with the committer’s verified signature.
n3rada
GPG key ID: EF66C0CD430F5DA5
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
The Only MS SQL Tool You’ll Ever Need 🚀

Introducing MSSQLand v1.0, the ultimate tool for navigating Microsoft SQL Server environments. Whether you’re a penetration tester, security researcher, or T-SQL aficionado, MSSQLand is designed to make your work easier, more efficient, and polished. Built with professional penetration testers in mind, but easy enough for anyone to use.

With MSSQLand, you can:

  • Traverse multi-hop linked servers, impersonating users across the chain.
  • Interact with SQL environments, leveraging advanced query capabilities.
  • Extract credentials using the ADSI provider to exploit misconfigured linked servers.
  • Generate professional, Markdown-friendly output, perfect for reporting.
  • Automate complex operations like enumerating permissions, linked servers, and users.
  • Load CLR assemblies and execute remote PowerShell scripts, expanding your attack surface effortlessly.
Loading