Penetration Testing mailing list archives

Re: [PEN-TEST] Have SQL admin account and password... now what?
From: Vitaly McLain <twistah () DATASURGE NET>
Date: Tue, 12 Sep 2000 19:30:44 -0500


Try using 'xp_cmdshell'. This stored procedure (MS SQL Server, others?)
lets you issue commands on the system (ex: xp_cmdshell 'dir').

One thing I recommend you read is the post on BugTraq concerning the
un-passworded 'sa' account and the tool linsql.c. The post/tool describes
pretty much what you want to do and how to do it (uploading files, for
example). In fact, you may want to check out linsql.c if you have a spare
UN*X box lying around (with the FreeTDS lib installed).

Vitaly McLain
twistah () datasurge net
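
For administrators reading this thread, an audit for the two conditions the post relies on (an enabled xp_cmdshell and an un-passworded 'sa'). This is an added example, not part of the original message; it assumes SQL Server 2008 or later and a session with sysadmin rights.

```sql
-- Added audit example (not from the original post).
-- Assumes SQL Server 2008+ catalog views and a sysadmin session.

-- 1. Is xp_cmdshell enabled? value_in_use = 1 means it can be executed.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. SQL logins with a blank password (the 'sa' case from the post)
--    or with a password equal to the login name.
SELECT name, is_disabled, is_policy_checked
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1;

-- 3. Members of sysadmin: these principals can run xp_cmdshell
--    (and can re-enable it), so the list should be short and known.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';

-- 4. Remediation: turn xp_cmdshell off.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;

-- 5. Remediation: disable the built-in sa login. It is located by its
--    fixed SID (0x01) so the statement still works if sa was renamed.
DECLARE @sa sysname = (SELECT name FROM sys.sql_logins WHERE sid = 0x01);
DECLARE @sql nvarchar(400) = N'ALTER LOGIN ' + QUOTENAME(@sa) + N' DISABLE;';
EXEC sp_executesql @sql;
```

Any sysadmin can switch xp_cmdshell back on with sp_configure, so step 4 alone does not contain a compromised sysadmin login; the results of checks 2 and 3 are what determine exposure.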
