Home page logo
/

pen-test logo Penetration Testing mailing list archives

linked servers, SQL (MS, others?) pen testing
From: rootsuid <rootsuid () gmail com>
Date: Sun, 7 Aug 2005 22:43:57 -0400

I'm sure others have run into this situation before, so I figured I
would ask for how this problem was approached. There are X networked
MSSQL servers. They are linked servers and send/recv data to/from one
another. They do so using OPENQUERY(). The following is an example
hierarchy:
A
|
B
| \
|  \
C  D

The permission/authentication is stored within the MSSQL database
(they are added as 'linked servers'). So A can already access B; B can
access C and D. The login information is unknown, but you are given
access to A. Therefore you can access data on B. You know that B can
access C and D, but A cannot. The problem that arises, is you can not
(that I am aware?) use OPENQUERY within an OPENQUERY statement. Is
there an alternate method for routing OPENQUERY calls to the remote
machines?

It must be shown, that a compromise of A, results directly in a
compromise of data on B, C, and D as well. Basically, I want to
openquery within openquery, or find a method of emulating that.

---------- Some additional information
example OPENQUERY, (run on A, getting data from B)
SELECT * FROM OPENQUERY(B, 'SELECT name,id FROM mydb.tablesarefun') 

OPENQUERY documentation
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_oa-oz_5xix.asp

How to add linked servers
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_sp_adda_8gqa.asp
-----------

--root

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • linked servers, SQL (MS, others?) pen testing rootsuid (Aug 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault