Need to make a few notes with this. Firstly, we have MSSql server creds obtained through an unsecured SMB share:
Now we use Impacket mssqlclient.py like so:
The ps1 script was from Nishang:
and
and
Next, run winPEAS and it does work but displays nothing until it’s finished:
We find some creds:
And need to read our file: