Re: HacMeBank - help lesson 1c

[Frank Knobbe <frank () knobbe us>]

On Mon, 2004-09-13 at 21:12, Marc Davison wrote:
> EXEC MASTER..XPCMDSHELL DIR-- command 
>
> It just comes back with an error saying permission
> denied and owner is 
> dbo. I set this up on a clean machine and want to
> allow people to run 
> this command to show the dangers of misconfigured
> servers but am not 
> sure where I went wrong in set up. I thought that I
> had followed the 
> guide. 

Perhaps you used a recent version of a database that has better security
settings out-of-the-box? I haven't investigated further but it appears
that recent MS SQL servers have by default public execute permissions
removed from xp_cmdshell and sp_cmd.

So check and make sure that "public" has execute rights on those stored
procedures you want to exploit.


Question to the list: Is that true that the default stored procedures
permissions in MS SQL have improved? (as in removed "public" from access
list). I don't have a copy handy to check a fresh install. Perhaps one
of the "dedicated" web pen testers could shed some light on this. 

Thanks,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part