MSSQL Servers
Tools
PowerUpSQL includes functions that support SQL Server discovery, weak configuration auditing, privilege escalation on scale, and post exploitation actions such as OS command execution.
Enumeration
Database Links
A database link allows a SQL Server to access external data sources like other SQL Servers and Data Source Objects (OLE DB).
In case of database links between SQL servers, that is, linked SQL servers it is possible to execute stored procedures even across forest trusts.
Abuse
We can use links to execute commands across database links where Sysadmin set to 1
In case that rpcout is enabled (disabled by default), xp_cmdshell can be enabled using:
Last updated