Tuesday TOOLSday: mssqlkaren - by Brian Johnson

Playback speed

×

Share post

Share post at current time

0:00

/

0:00

Transcript

Tuesday TOOLSday: mssqlkaren

Stealing SCCM creds with Karen's help!

Oct 07, 2025

Hey friends, in last week’s podcast I talked about a fun pentest where I relayed an SCCM machine account cred to a SCCM server with SQL installed, then dumped delicious information out of the database - which contained clear text SCCM creds! Today I show this in more detail, and how the credential stealing process was made much easier with the help of mssqlkaren.

Other reference links:

7MS #695 - where we talk about this attack in more detail
Pentesting GOAD SCCM - shows how to make a SQL connection to an SCCM server (I was wrong in today’s video in that we didn’t actually show an SCCM relay in the YouTube video, but at least you can see things from a SQL prompt POV)

Enjoy!

Brian

Discussion about this video

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts