namespace Reecon
{
    /// <summary>
    /// Placeholder for Microsoft SQL Server (MSSQL) enumeration. Nothing is
    /// implemented yet: no connection is opened and the result is always empty.
    /// </summary>
    internal class MSSQL
    {
        /// <summary>
        /// Gathers information about the MSSQL service at
        /// <paramref name="target"/>:<paramref name="port"/>.
        /// Stub: both arguments are ignored and an empty string is returned.
        /// </summary>
        /// <param name="target">Host name or address of the SQL Server instance (currently unused).</param>
        /// <param name="port">TCP port of the instance (currently unused).</param>
        /// <returns>Always <see cref="string.Empty"/> until the planned checks are implemented.</returns>
        public static string GetInfo(string target, int port)
        {
            // Planned checks, none implemented yet:
            //  - TDS handshake to read the server version
            //  - NTLM handshake to read the server version
            //  - authenticated enumeration: VERSION, databases, tables, user privileges
            //
            // Permission audit query for the authenticated step. It lists which
            // database principals hold which permission on the extended stored
            // procedures (xp_*) and on the dm_os_file* objects:
            //
            //   select dp.NAME AS principal_name,
            //          dp.type_desc AS principal_type_desc,
            //          o.NAME AS object_name,
            //          p.permission_name,
            //          p.state_desc AS permission_state_desc
            //   from sys.database_permissions p
            //   left OUTER JOIN sys.all_objects o
            //       on p.major_id = o.OBJECT_ID
            //   inner JOIN sys.database_principals dp
            //       on p.grantee_principal_id = dp.principal_id
            //   WHERE o.NAME LIKE 'xp_%' OR o.NAME LIKE 'dm_os_file%';
            //
            // Findings to report from that output:
            //  - `public` holding EXECUTE on xp_dirtree (e.g. EXEC xp_dirtree 'C:\', 1, 1):
            //    the service account can be made to authenticate to a path it is
            //    pointed at, so this exposes the account's credential hash.
            //  - `public` holding EXECUTE on dm_os_file_exists: any login can test
            //    whether arbitrary files exist on the host.
            // Mitigation in both cases is revoking the grant from `public`.
            return string.Empty;
        }
    }
}