killchain-compendium/exploit/sqli/mssql.md

# MSSQL

# Usage

* `sqsh` as a shell
* After connection is established check `xp_cmdshell'
```sh
xp_cmdshell 'whoami';
```