Browsed by
Category: SQL Attacks

Gain System Access and Persistence with SQL Native Attacks – SQL Attacks

Gain System Access and Persistence with SQL Native Attacks – SQL Attacks

What to Do with Your New SQL Kingdom In the last posts, we explored ways to gain access to MS SQL and to extract the data it contains. The fun thing with MS SQL, though, is that is just the start. Every application has a certain amount of access to other resources. Databases generally have a lot of low-level access to system since their whole purpose in life is to optimize access to data. That means augmenting some basic IO…

Read More Read More

Compromise with PowerUpSQL – SQL Attacks

Compromise with PowerUpSQL – SQL Attacks

Completely Owning MS SQL Server If what you’re after is a toolkit to own Microsoft SQL Server from end to end, then what you need is PowerUpSQL. Implemented in PowerShell and as complete as they come, PowerUpSQL has tools to discover, compromise, elevate, target, and own just about any SQL system. It’s the whole kill chain in one tool. Just as I could have run all the initial discovery and compromise through metasploit but chose to break it up, I…

Read More Read More

Finding Microsoft SQL Server Targets – SQL Attacks

Finding Microsoft SQL Server Targets – SQL Attacks

After all the posts about attacking different parts of IT infrastructure, it seems impossible that we have never used nmap as a tool before. Nmap is one of the most reliable and well-known tools of the trade for attackers. More than that, it is used by security pros and IT admins for a huge number of tasks. In their own words, the makers of nmap say it is a “utility for network discovery and security auditing.” I think that sells…

Read More Read More

Attacking Microsoft SQL Server Databases

Attacking Microsoft SQL Server Databases

In the business of selling security solutions, not too long ago the phrase “defense in depth” dominated the messages. It was meant to evoke an image of defending each layer of the IT infrastructure with uniquely suited solutions. Now everyone recognizes that the notions about perimeter defenses are flawed. Real security is built into everything, not wrapped around it. However, there are many corners of the IT stack that seem to still behave as if security is going to be…

Read More Read More

Start a Free StealthAUDIT® Trial!

No risk. No obligation.