We know that we have two users: sa and nipun. Let's use one of them and try finding the other user credentials. We can achieve this with the help of the mssql_hashdump module. Let's check it's working and investigate all other hashes as follows:
We can see that we have gained access to the password hashes for other accounts on the database server. We can now crack them using a third-party tool and can elevate or gain access to additional databases and tables as well.