io.github.wgpsec/AboutSecurity/sqlserver-attack · vmaster
SQL Server 渗透测试与利用。当发现目标开放 1433 端口、SQL Server 允许远程连接(SA 弱口令)、需要从数据库提取数据或实现命令执行时使用。覆盖未授权访问、数据库枚举与导出、xp_cmdshell 命令执行、sp_OACreate COM 对象利用、BULK INSERT 文件读取、Linked Server 横向移动、SQL Agent Job 持久化、存储过程利用、用户创建与提权
sqlserver-attack 是一个Agent Skill,收录自 SkillsMP。本页提供 Cursor、Claude Code 等客户端的安装配置片段。
Agent Skill 是带 SKILL.md 的指令包。安装后,AI 会根据 description 在匹配任务时自动加载,无需每次手动粘贴提示词。
选择你的平台查看安装方式
# 通用 CLI(Cursor / Claude Code / Codex 等均支持)
npx skills add wgpsec/AboutSecurity@sqlserver-attack安装完成后,在对话中直接描述你的任务(或提及技能名称)。Agent 会先读取 SKILL.md 的 description 判断是否启用,再按其中的步骤执行。可用 /skills(Claude Code)或在设置中查看已加载的 Skills。
vmain
io.github.millionco/react-doctor/react-doctor
Use when finishing a feature, fixing a bug, before committing React code, or when the user types `/doctor`, asks to scan, triage, or clean up React diagnostics. Covers lint, accessibility, bundle size, architecture. Includes a regression check and a full local-triage workflow that fetches the canonical playbook.
vmain
io.github.simstudioai/sim/emcn-design-review
Review UI code for alignment with the emcn design system — components, tokens, patterns, and conventions
vmain
io.github.mastra-ai/mastra/react-best-practices
React performance optimization guidelines from Mastra Engineering. This skill should be used when writing, reviewing, or refactoring React code to ensure optimal performance patterns. Triggers on tasks involving React components, data fetching, bundle optimization, or performance improvements.
vmain
io.github.sgl-project/sglang/cookbook-review-pr
Review a pull request against the SGLang Cookbook (docs_new/, Mintlify) contribution checklist — the config-driven format (per-model config + benchmarks JSX consumed by the shared _deployment.jsx / _playground.jsx engines). Run with /cookbook-review-pr <PR number>.
vmain
io.github.first-fluke/oh-my-agent/oma-mobile
Mobile specialist for Flutter, React Native, and Swift native iOS development. Use for mobile app, Flutter, Dart, React Native, Swift, SwiftUI, iOS, Android, Riverpod, swift-openapi-generator, and widget work.
vmain
io.github.first-fluke/oh-my-agent/oma-backend
Backend specialist for APIs, databases, authentication with clean architecture (Repository/Service/Router pattern). Use for API, endpoint, REST, database, server, migration, and auth work.
{
"id": "io.github.wgpsec/AboutSecurity/sqlserver-attack",
"type": "skill",
"version": "master",
"displayName": "sqlserver-attack",
"description": "SQL Server 渗透测试与利用。当发现目标开放 1433 端口、SQL Server 允许远程连接(SA 弱口令)、需要从数据库提取数据或实现命令执行时使用。覆盖未授权访问、数据库枚举与导出、xp_cmdshell 命令执行、sp_OACreate COM 对象利用、BULK INSERT 文件读取、Linked Server 横向移动、SQL Agent Job 持久化、存储过程利用、用户创建与提权",
"author": {
"name": "wgpsec",
"url": "https://github.com/wgpsec"
},
"repository": {
"url": "https://github.com/wgpsec/AboutSecurity",
"source": "github",
"subfolder": "skills/exploit/network-service/sqlserver-attack"
},
"homepage": "https://skillsmp.com/skills/wgpsec-aboutsecurity-skills-exploit-network-service-sqlserver-attack-skill-md",
"distribution": {
"packages": [
{
"registryType": "source",
"identifier": "wgpsec/AboutSecurity@sqlserver-attack",
"version": "master",
"runtimeHint": "npx skills add"
}
],
"remotes": []
},
"dependencies": [],
"installTargets": [
"claude-code",
"claude-desktop",
"cursor",
"codex",
"vscode"
],
"keywords": [
"stars:1429"
],
"provenance": {
"origin": "skillsmp",
"originalId": "wgpsec-aboutsecurity-skills-exploit-network-service-sqlserver-attack-skill-md",
"originalUrl": "https://skillsmp.com/skills/wgpsec-aboutsecurity-skills-exploit-network-service-sqlserver-attack-skill-md",
"isOfficial": false,
"status": "active"
}
}