Penetration Testing mailing list archives
Re: [PEN-TEST] Hacking a server through SQL SERVER 7
From: "Derrick K. Bennett" <derrick () ANEI COM>
Date: Tue, 23 Jan 2001 13:37:40 -0800
When you have sa privileges to a SQL box then the game is pretty much over. You then have access to a cmd prompt through xp_cmdshell (I think). I don't have my SQL server in front of me but you can enable the extended procedures and then open your query window and run commands out through that procedure to the shell and it runs under the autority of the SQL server which is usually admin or system. From this the options are endless. Copy the backup erd info or setup an ftp script to download files and run them opening a full shell for your access. Basically anything you can do from a command prompt you can do as sa and the options beyond that are even better. ALWAYS change the sa password people. And honestly block SQL ports to the net unless it really is needed. Derrick -----Original Message----- From: FiC Sent: Tue 1/23/2001 5:43 AM To: PEN-TEST () SECURITYFOCUS COM Cc: Subject: [PEN-TEST] Hacking a server through SQL SERVER 7 Hi all. I've noticed that a lot of people out there don't worry about the default sa login in SQL SERVER. So i've connected through my SQL Enterprise Manager to such unprotected servers using the sa login and a blank password. Once connected, in the Security ->Login folder, I can see the NT administrator login and the NT administrator group. The question is.... ¿What else information can I get from that server? ¿Is there anyway to get the NT administrator's password? In the Management->Backup folder I can see every folder and file in the remote drives. Can I get/upload a file in the server? How can I finally penetrate the server once I've connected as 'sa' to their SQL SERVER? Thanx a lot. -- ~/ FiC /~
Current thread:
- [PEN-TEST] Hacking a server through SQL SERVER 7 FiC (Jan 23)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Aaron C. Newman (Jan 23)
- <Possible follow-ups>
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Derrick K. Bennett (Jan 23)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 H D Moore (Jan 23)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 FiC (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Attonbitus Deus (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Aaron C. Newman (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 MadHat (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 FiC (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Brentlinger, Mike (ISS eServices) (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Frank Knobbe (Jan 25)