MazX0p / mssqlbof

A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself

48
4
100% credibility
Found Apr 09, 2026 at 48 stars.
C
AI Summary

A suite of lightweight tools for security testers to discover, connect to, query, and execute commands on SQL Server databases directly from within their testing agents, emphasizing stealth and minimal traces.

How It Works

1. 🔍 Spot Database Servers

You search the network to quietly find all the SQL database servers available nearby.

2. 🖥️ Connect to One

Pick a server and link up using your current access, feeling the secure handshake complete.

3. 📋 Check Server Details

Quickly learn the server's version, your role, and if you have high access – all in a neat summary.

4. Choose Your Move

📊 Run a Custom Query

Ask any question you want and see the table of answers right away.

🚀 Launch a Command

Safely run a quick task on the server and capture the output without a trace.

🔓 Explore Access Paths

Map out ways to gain more control, like linked servers or hidden privileges.

5. ✅ Review Clean Results

Everything works smoothly, results flow back instantly, and nothing extra lingers.

🎉 Mission Accomplished

You've gathered intel or taken action on the database completely under the radar, ready for the next step.

AI-Generated Review

What is mssqlbof?

mssqlbof delivers a C-based beacon object file suite for querying and exploiting Microsoft SQL Server straight from Cobalt Strike, Havoc, or Sliver beacons. It speaks TDS 7.4 natively over TCP, handling connections, arbitrary T-SQL queries, xp_cmdshell exec, linked server enum, impersonation, and privesc paths like EXECUTE AS LOGIN, all via a single ~48KB object per arch. No ODBC DLLs, .NET CLR, or PowerShell; just drop it into any BOF-compatible C2.

Why is it gaining traction?

It sidesteps noisy alternatives like PowerUpSQL or sqlcmd wrappers that load mscoree.dll and trigger AMSI, using only beacon-baseline winsock and schannel for stealthy ops. PTH shines with hand-rolled NTLMv2 via BCrypt, plus SSPI current-token auth that honors make_token/steal_token. Cross-C2 portability (9 frameworks verified) and per-action OPSEC tables make it a go-to for beacon object file development in red teams.

Who should use this?

Red teamers targeting SQL Servers in domain engagements, especially those running Cobalt Strike beacon object files for recon (SPN hunting via LDAP), pivoting (linked servers), or shelling out via xp_cmdshell with auto-privesc. Perfect if you're chaining beacons and need SQL without memory bloat or detection hooks like beacon object file mitre tactics.

Verdict

Grab it for SQL-heavy ops: v0.1.2 is battle-tested across SQL 2019+ and C2s, with top-tier docs on protocol quirks and OPSEC. Low 48 stars and 1.0% credibility reflect its niche, but maturity belies the score; mature enough for prod if you verify your chain.
