Penetration Testing mailing list archives

Re: Reconfiguring cmdshell


From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Mon, 2 Jul 2012 16:20:08 +0300

Hi,

As I see it, in the first (valid) command you terminate with a double quote
';EXEC master..sp_configure 'xp_cmdshell', '1''

while during the second execution you terminate with a single quote.
 ';EXEC master..sp_configure 'xp_cmdshell', '1';RECONFIGURE'

Cheers,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras


On Sat, Jun 30, 2012 at 10:06 PM, Smiling Buddha <smilngbuddha () gmail com> wrote:
Hi,

I am on a pentest assignment and have encountered an SQL injection
vulnerability with an SQL Server 2005 in the background, complete with
dbo level access. I have successfully retrieved DB values and have
already presented them as evidence. Now, I am directed to take the attack
to the next level and see the extent of the problem.

I am trying to run the xp_cmdshell stored procedure.
To ensure xp_cmdshell is enabled, I am running the following two queries:

EXEC master..sp_configure 'xp_cmdshell', '1'
RECONFIGURE
in the vulnerable parameter as:

';EXEC master..sp_configure 'xp_cmdshell', '1''     - This query replies without any error

But when I append RECONFIGURE, the following returns an error:

';EXEC master..sp_configure 'xp_cmdshell', '1';RECONFIGURE'   - Incorrect syntax near "


I looked up the sp_configure functionality and don't see any
syntactical error, maybe the sequence, or incorrectly formed stacked
query.

Any suggestions?


Thanx.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
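
For defenders, the sp_configure calls discussed in this thread leave a trace: SQL Server writes a "Configuration option ... changed" message to its error log when sp_configure changes a value, before RECONFIGURE is run. The following is an added example, not part of the original thread, that flags such entries; the watch list and the sample log lines are constructed assumptions.

```python
import re

# ERRORLOG line layout: "<date> <time> <source>   <message>". The message text is
# the one SQL Server logs when sp_configure changes a configuration value.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2}) (?P<spid>\S+)\s+"
    r"Configuration option '(?P<opt>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)\."
)

# Assumed watch list: options whose enablement widens what a SQL login can reach.
WATCHED = {"xp_cmdshell", "show advanced options",
           "ole automation procedures", "clr enabled"}


def find_config_changes(lines):
    """Return one dict per watched option that was switched on (0 -> non-zero)."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a configuration-change entry
        opt = m["opt"].lower()
        if opt in WATCHED and m["old"] == "0" and m["new"] != "0":
            hits.append({"ts": m["ts"], "spid": m["spid"], "option": opt})
    return hits


# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = """\
2012-06-30 22:01:10.11 Logon       Login succeeded for user 'webapp'. [CLIENT: 10.0.0.5]
2012-06-30 22:06:14.32 spid52      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2012-06-30 22:06:14.35 spid52      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2012-06-30 22:09:40.02 spid53      Configuration option 'max degree of parallelism' changed from 0 to 4. Run the RECONFIGURE statement to install.
2012-06-30 22:11:03.77 spid52      Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
""".splitlines()

if __name__ == "__main__":
    for hit in find_config_changes(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['spid']}: '{hit['option']}' was enabled")
```

An alert on these entries is most useful when the session belongs to an application login, which has no routine reason to call sp_configure.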