Penetration Testing mailing list archives
Re: Reconfiguring cmdshell
From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Mon, 2 Jul 2012 16:20:08 +0300
Hi,

As I see it, in the first (valid) command you terminate with a double quote

';EXEC master..sp_configure 'xp_cmdshell', '1''

while during the second execution you terminate with a single quote.

';EXEC master..sp_configure 'xp_cmdshell', '1';RECONFIGURE'

Cheers,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras

On Sat, Jun 30, 2012 at 10:06 PM, Smiling Buddha <smilngbuddha () gmail com> wrote:
Hi,

I am on a pentest assignment and have encountered an SQL injection vulnerability with an SQL Server 2005 in the background, complete with dbo level access. I have successfully retrieved DB values and have already presented as evidence.

Now, I am directed to take the attack to the next level and see the extent of the problem. I am trying to run the xp_cmdshell stored procedure. To ensure xp_cmdshell is enabled, I am running the following two queries:

EXEC master..sp_configure 'xp_cmdshell', '1'
RECONFIGURE

in the vulnerable parameter as:

';EXEC master..sp_configure 'xp_cmdshell', '1'' - This query replies without any error

But when I append RECONFIGURE the following it returns an error:

';EXEC master..sp_configure 'xp_cmdshell', '1';RECONFIGURE' - Incorrect syntax near "

I looked up the sp_configure functionality and don't see any syntactical error, maybe the sequence, or incorrectly formed stacked query.

Any suggestions?

Thanx.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
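Added example, not part of the original thread: a successful sp_configure change is recorded in the SQL Server error log, so a defender can scan that log for xp_cmdshell being switched on. The log lines below are constructed, and the timestamp/spid line layout and the names WATCHED, Finding and find_enablements are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Options whose enablement deserves an alert; xp_cmdshell is the one in this thread.
# (Hypothetical watch list chosen for this example.)
WATCHED = {"xp_cmdshell", "show advanced options"}

# Matches the "Configuration option ... changed from X to Y." error log message.
# The leading timestamp/spid layout is an assumption about the log line format.
CHANGE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2})\s+(?P<spid>spid\d+s?)\s+"
    r"Configuration option '(?P<opt>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)\."
)

@dataclass
class Finding:
    timestamp: str
    spid: str
    option: str
    old: int
    new: int

def find_enablements(lines):
    """Return a Finding for each watched option switched from 0 to non-zero."""
    findings = []
    for line in lines:
        m = CHANGE_RE.match(line.strip())
        if not m:
            continue  # not a configuration-change message
        opt, old, new = m["opt"].lower(), int(m["old"]), int(m["new"])
        if opt in WATCHED and old == 0 and new != 0:
            findings.append(Finding(m["ts"], m["spid"], opt, old, new))
    return findings

# Constructed sample lines (not taken from the thread or from a real server).
SAMPLE_LOG = [
    "2012-06-30 22:01:14.52 spid53      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.",
    "2012-06-30 22:01:15.10 spid53      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.",
    "2012-06-30 22:05:40.87 spid53      Configuration option 'xp_cmdshell' changed from 1 to 1. Run the RECONFIGURE statement to install.",
    "2012-06-30 22:09:02.33 spid61      Configuration option 'max degree of parallelism' changed from 0 to 4. Run the RECONFIGURE statement to install.",
    "2012-06-30 22:10:00.00 Logon       Login failed for user 'sa'.",
]

if __name__ == "__main__":
    for f in find_enablements(SAMPLE_LOG):
        print(f"{f.timestamp} {f.spid}: '{f.option}' enabled ({f.old} -> {f.new})")
```

Correlating the flagged spid and timestamp with web server request logs shows which application request carried the change.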