jewishstill.blogg.se - Sql server for mac osx sierra

#Sql server for mac osx sierra full#

Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM.

Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping.

Evasion techniques to confuse a few IDS/IPS/WAF.

TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell.Creation of a custom xp_cmdshell if the original one has been removed.Privilege escalation to sysadmin group if 'sa' password has been found.Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental).

ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box.

DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames.

Direct and reverse bindshell, both TCP and UDP.

Upload of executables using only normal HTTP requests (no FTP/TFTP needed), via vbscript or debug.exe.

Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection or just to upload Meterpreter.

Data extraction, time-based or via a DNS tunnel.Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode).

#Sql server for mac osx sierra full#

The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does: