Tally write-up by Alamot

Solid writeup as usual, alamot!
One can also use Metasploit’s mssql_clr_payload module to pop a shell, although it’s not as reliable.