Re: [PEN-TEST] Hacking a server through SQL SERVER 7

[FiC <fic () BIGFOOT COM>]

Thank you all for your valuable information.

Is there anyway to upload/create a file in the hacked SQL SERVER through the 
system commands? I think that the machine is behind a Firewall and even if I 
start the FTP service I can't connect via ftp, and the port 139 is not open 
or its filtered. I've tried to create an .asp file with the "copy con" 
command, but I can't do it through the SQL console. How can I upload/create 
an .asp file to this server?

Thanx.


> Once you have access to a MSSQL 7 server via the "sa" account, you can do
> all sorts of fun things:
>
> Run system commands:
>
> EXEC [master].[dbo].[xp_cmdshell] "net user newuser newpass /ADD /DOMAIN"
> EXEC [master].[dbo].[xp_cmdshell] "net group 'Domain Admins' newuser /ADD
> /DOMAIN"
>
> You can also access the registry, send email, dump system information...
> Take a look at some of the Extended Stored Procedures in the [master]
> database with SQL Query Analyzer.  Depending on the user the server runs at
> (normally SYSTEM or Administrator), you can usually use xp_cmdshell to
> rebuild the repair disk data with rdisk /s and snag the SAM database.
>
> I will be giving a presentation at the upcoming CanSecWest conference
> covering a variety of SQL server attacks, everything from general procedure
> exploitation to insertion techniques.  At the conference, I will be
> releasing a handful of new tools, one of which exploits the RDS component
> in new ways, allowing access to SQL servers as well as proxying requests to
> internal systems through it.  For more information on the conference,
> please see http://www.cansecwest.com, online registration should be
> available within a few weeks.

-- 
~/ FiC /~