Home page logo

pen-test logo Penetration Testing mailing list archives

linked servers, SQL (MS, others?) pen testing
From: rootsuid <rootsuid () gmail com>
Date: Sun, 7 Aug 2005 22:43:57 -0400

I'm sure others have run into this situation before, so I figured I
would ask for how this problem was approached. There are X networked
MSSQL servers. They are linked servers and send/recv data to/from one
another. They do so using OPENQUERY(). The following is an example
| \
|  \
C  D

The permission/authentication is stored within the MSSQL database
(they are added as 'linked servers'). So A can already access B; B can
access C and D. The login information is unknown, but you are given
access to A. Therefore you can access data on B. You know that B can
access C and D, but A cannot. The problem that arises, is you can not
(that I am aware?) use OPENQUERY within an OPENQUERY statement. Is
there an alternate method for routing OPENQUERY calls to the remote

It must be shown, that a compromise of A, results directly in a
compromise of data on B, C, and D as well. Basically, I want to
openquery within openquery, or find a method of emulating that.

---------- Some additional information
example OPENQUERY, (run on A, getting data from B)
SELECT * FROM OPENQUERY(B, 'SELECT name,id FROM mydb.tablesarefun') 

OPENQUERY documentation

How to add linked servers


FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:


  By Date           By Thread  

Current thread:
  • linked servers, SQL (MS, others?) pen testing rootsuid (Aug 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]