Penetration Testing mailing list archives
Re: [PEN-TEST] Hacking a server through SQL SERVER 7
From: "Aaron C. Newman" <aaron () NEWMAN-FAMILY COM>
Date: Thu, 25 Jan 2001 13:40:46 -0500
If I understand your question, try: xp_cmdshell 'echo filecontent > c:\file.asp' This will create a file named 'file.asp', with the text 'filecontent' in it. Aaron C. Newman
-----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of FiC Sent: Thursday, January 25, 2001 4:33 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Thank you all for your valuable information. Is there anyway to upload/create a file in the hacked SQL SERVER through the system commands? I think that the machine is behind a Firewall and even if I start the FTP service I can't connect via ftp, and the port 139 is not open or its filtered. I've tried to create an .asp file with the "copy con" command, but I can't do it through the SQL console. How can I upload/create an .asp file to this server? Thanx.Once you have access to a MSSQL 7 server via the "sa" account,you can doall sorts of fun things: Run system commands: EXEC [master].[dbo].[xp_cmdshell] "net user newuser newpass/ADD /DOMAIN"EXEC [master].[dbo].[xp_cmdshell] "net group 'Domain Admins'newuser /ADD/DOMAIN" You can also access the registry, send email, dump system information... Take a look at some of the Extended Stored Procedures in the [master] database with SQL Query Analyzer. Depending on the user theserver runs at(normally SYSTEM or Administrator), you can usually use xp_cmdshell to rebuild the repair disk data with rdisk /s and snag the SAM database. I will be giving a presentation at the upcoming CanSecWest conference covering a variety of SQL server attacks, everything fromgeneral procedureexploitation to insertion techniques. At the conference, I will be releasing a handful of new tools, one of which exploits the RDScomponentin new ways, allowing access to SQL servers as well as proxyingrequests tointernal systems through it. For more information on the conference, please see http://www.cansecwest.com, online registration should be available within a few weeks.-- ~/ FiC /~
Current thread:
- [PEN-TEST] Hacking a server through SQL SERVER 7 FiC (Jan 23)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Aaron C. Newman (Jan 23)
- <Possible follow-ups>
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Derrick K. Bennett (Jan 23)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 H D Moore (Jan 23)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 FiC (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Attonbitus Deus (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Aaron C. Newman (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 MadHat (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 FiC (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Brentlinger, Mike (ISS eServices) (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Frank Knobbe (Jan 25)