Penetration Testing mailing list archives
linked servers, SQL (MS, others?) pen testing
From: rootsuid <rootsuid () gmail com>
Date: Sun, 7 Aug 2005 22:43:57 -0400
I'm sure others have run into this situation before, so I figured I would ask for how this problem was approached.

There are X networked MSSQL servers. They are linked servers and send/recv data to/from one another. They do so using OPENQUERY(). The following is an example hierarchy:

    A
    |
    B
    | \
    |  \
    C   D

The permission/authentication is stored within the MSSQL database (they are added as 'linked servers'). So A can already access B; B can access C and D. The login information is unknown, but you are given access to A. Therefore you can access data on B. You know that B can access C and D, but A cannot.

The problem that arises is that you cannot (that I am aware?) use OPENQUERY within an OPENQUERY statement. Is there an alternate method for routing OPENQUERY calls to the remote machines? It must be shown that a compromise of A results directly in a compromise of data on B, C, and D as well.

Basically, I want to openquery within openquery, or find a method of emulating that.

----------
Some additional information

Example OPENQUERY (run on A, getting data from B):

    SELECT * FROM OPENQUERY(B, 'SELECT name,id FROM mydb.tablesarefun')

OPENQUERY documentation
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_oa-oz_5xix.asp

How to add linked servers
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_sp_adda_8gqa.asp
-----------

--root
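The trust chain described in the post exists because each link stores its own login mapping on the server that owns it. The following audit query is an added example, not part of the original post: it inventories the outgoing links on one instance and flags mappings that hand a stored remote login to local logins. It assumes SQL Server 2005 or later (the sys.servers, sys.linked_logins and sys.server_principals catalog views) and is meant to be run by an administrator on each server in the chain (A and B in the post's hierarchy).

```sql
-- Added example: inventory of outgoing linked-server trust on one instance.
-- Assumption: SQL Server 2005+ catalog views are available.
SELECT
    s.name                    AS linked_server,
    s.data_source,
    s.provider,
    s.is_data_access_enabled, -- 1 = distributed queries (e.g. OPENQUERY) allowed
    s.is_rpc_out_enabled,     -- 1 = remote procedure calls to the link allowed
    CASE
        WHEN ll.server_id IS NULL       THEN '(no login mapping)'
        WHEN ll.local_principal_id = 0  THEN '(all local logins)'
        ELSE COALESCE(sp.name, '(unknown principal)')
    END                       AS local_login,
    CASE
        WHEN ll.server_id IS NULL        THEN '(none)'
        WHEN ll.uses_self_credential = 1 THEN 'caller''s own credentials'
        ELSE 'stored remote login: ' + COALESCE(ll.remote_name, '(none)')
    END                       AS remote_identity,
    CASE
        -- Worst case: any login on this server reaches the remote server
        -- under one stored account, regardless of who the caller is.
        WHEN ll.uses_self_credential = 0
             AND ll.remote_name IS NOT NULL
             AND ll.local_principal_id = 0
            THEN 'HIGH: every local login inherits a stored remote login'
        WHEN ll.uses_self_credential = 0
             AND ll.remote_name IS NOT NULL
            THEN 'REVIEW: stored remote login mapped to one local login'
        ELSE 'OK: no stored credential on this mapping'
    END                       AS finding,
    ll.modify_date
FROM sys.servers AS s
LEFT JOIN sys.linked_logins AS ll
       ON ll.server_id = s.server_id
LEFT JOIN sys.server_principals AS sp
       ON sp.principal_id = ll.local_principal_id
WHERE s.is_linked = 1
ORDER BY s.name, local_login;
```

Rows marked HIGH are the links where access to this server alone is enough to read data on the next server in the chain; replacing the stored login with a least-privilege account or per-login mappings removes that inheritance.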