I have found the user for the first question, but when I try to query the database core_app it seems that it is empty:
$ nxc mssql 10.129.204.177 -u 'engels' -p 'Inlanefreight1998!' -q "SELECT name FROM master.dbo.sysdatabases"
MSSQL 10.129.204.177 1433 DC01 [*] Windows 10 / Server 2019 Build 17763 (name:DC01) (domain:inlanefreight.htb)
MSSQL 10.129.204.177 1433 DC01 [+] inlanefreight.htb\engels:Inlanefreight1998!
MSSQL 10.129.204.177 1433 DC01 name:master
MSSQL 10.129.204.177 1433 DC01 name:tempdb
MSSQL 10.129.204.177 1433 DC01 name:model
MSSQL 10.129.204.177 1433 DC01 name:msdb
MSSQL 10.129.204.177 1433 DC01 name:core_app
MSSQL 10.129.204.177 1433 DC01 name:core_business
$ nxc mssql 10.129.204.177 -u 'engels' -p 'Inlanefreight1998!' -q 'SELECT table_name FROM core_app.INFORMATION_SCHEMA.tables'
MSSQL 10.129.204.177 1433 DC01 [*] Windows 10 / Server 2019 Build 17763 (name:DC01) (domain:inlanefreight.htb)
MSSQL 10.129.204.177 1433 DC01 [+] inlanefreight.htb\engels:Inlanefreight1998!
I thought it might be an access issue, since this user it is not a DBA, but privesc does not work either because the account julio which is a DBA in the example, it is not here:
$ nxc mssql 10.129.5.141 -u 'engels' -p 'Inlanefreight1998!' -M mssql_priv -o ACTION=privesc
MSSQL 10.129.5.141 1433 DC01 [*] Windows 10 / Server 2019 Build 17763 (name:DC01) (domain:inlanefreight.htb)
MSSQL 10.129.5.141 1433 DC01 [+] inlanefreight.htb\engels:Inlanefreight1998!
MSSQL_PR... [*] INLANEFREIGHT\engels can impersonate: julio
MSSQL_PR... [*] julio can impersonate: INLANEFREIGHT\robert
MSSQL_PR... [-] can't find any path to privesc
Any nudge would be highly appreciated!