Re: [PEN-TEST] More SQL Hacking
From: Meredith Shaebanyan <MeredithS () pwaor com>
Date: Mon, 18 Sep 2000 09:33:27 +0100
What you want to get access to is probably the xp_cmdshell() stored
procedure in the master database, which will allow you to execute arbitrary
commands on the client's (note *client* and not *victim*) machine.
Now, if you don't have permission to execute the stored procedure, there's a
simple work-around. SQL Server fails to check permissions on temporary
stored procedures (there's a patch out for this, and it's documented in
Microsoft Security Bulletin MS00-048). So it's possible to create a temporary
stored procedure to act as a wrapper for xp_cmdshell() and then execute
CREATE PROCEDURE #deface_site AS
exec master.dbo.xp_cmdshell 'cmd/c echo 0wn3d again, h3h3h3h3 >
I think that was actually on bugtraq before the xp_cmdshell() thing got
big...so people might think they've tightened their permissions when people
really just need to create a stored procedure (on unpatched
Pacific West Association of Realtors
MeredithS () pwaor com
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Loschiavo, Dave
Sent: Friday, September 15, 2000 11:23 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] More SQL Hacking
From the role of the dbo of a database other than master, is there any way I
can get to the NOS (NT) on which a SQL database resides?
I have the dbo SQL userid and password, but I'm not able to do much with it
because of a lack of access to extended stored procedures.
Thanks in advance!
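
A defender-side check for the behaviour discussed in this thread, added here as an example and not part of the original posts: it scans captured statement text (for instance rows exported from a SQL trace) for temporary stored procedures whose body calls xp_cmdshell, and records whether each one was then executed. The (spid, login, statement) row layout, the function names and the sample rows are constructed assumptions.

```python
import re

# CREATE PROC[EDURE] #name / ##name ... AS <body>: a temporary stored procedure.
CREATE_TEMP_PROC = re.compile(
    r"\bcreate\s+proc(?:edure)?\s+\[?(#{1,2}\w+)\]?.*?\bas\b(.*)",
    re.IGNORECASE | re.DOTALL)
# Matches xp_cmdshell however it is qualified (master.dbo., master.., [..]).
XP_CMDSHELL = re.compile(r"\bxp_cmdshell\b", re.IGNORECASE)
EXEC_TEMP_PROC = re.compile(r"\bexec(?:ute)?\s+\[?(#{1,2}\w+)", re.IGNORECASE)

def normalise(sql):
    """Drop T-SQL comments so commented-out text is not matched."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.DOTALL)
    return re.sub(r"--[^\n]*", " ", sql)

def scope_key(spid, name):
    # #name is private to the creating session; ##name is visible to all sessions.
    return (None if name.startswith("##") else spid, name.lower())

def find_wrappers(events):
    """events: iterable of (spid, login, statement_text), in capture order."""
    wrappers, findings = {}, []
    for spid, login, sql in events:
        text = normalise(sql)
        created = CREATE_TEMP_PROC.search(text)
        if created and XP_CMDSHELL.search(created.group(2)):
            hit = {"spid": spid, "login": login,
                   "proc": created.group(1), "executed": False}
            wrappers[scope_key(spid, created.group(1))] = hit
            findings.append(hit)
            continue
        for name in EXEC_TEMP_PROC.findall(text):
            hit = wrappers.get(scope_key(spid, name))
            if hit:
                hit["executed"] = True
    return findings

# Constructed sample rows, not taken from any real trace.
SAMPLE_EVENTS = [
    (51, "webapp", "SELECT name FROM sysobjects WHERE type = 'U'"),
    (51, "webapp", "CREATE PROCEDURE #wrap AS\nexec master.dbo.xp_cmdshell 'dir'"),
    (51, "webapp", "EXEC #wrap"),
    (52, "report", "CREATE PROC #totals @y int AS SELECT COUNT(*) FROM orders"
                   " -- xp_cmdshell only mentioned in a comment"),
    (53, "dba", "EXEC master..xp_cmdshell 'dir'"),
]

if __name__ == "__main__":
    for finding in find_wrappers(SAMPLE_EVENTS):
        print(finding)
```

Direct xp_cmdshell calls such as the last sample row are deliberately not reported, since ordinary permission checks already cover them; the check targets only the temporary-procedure wrapper.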