various useful post-exploitation commands

**ms-sql-enumeration.fuzz.txt**
* ms-sqli info disclosure payload fuzzfile
* replace regex with your fuzzer for best results <attackerip> <sharename>
* run wireshark or tcpdump, look for incoming smb or icmp packets from victim
* might need to terminate payloads with ;--


**mysql-injection-login-bypass.fuzz.txt**
* regex replace as many as you can with your fuzzer for best results:
* <user-fieldname> <pass-fieldname> <username> 
* also try to brute force a list of possible usernames, including possile admin acct names

**mysql-read-local-files.fuzz.txt**
* mysql local file disclosure through sqli
* fuzz interesting absolute filepath/filename into <filepath>