abusing_sql_server_trusts--post_exploitation_enumeration

POST EXPLOITATION ENUMERATION After getting access to a SQL Server, interesting information can be gathered :

Version - SELECT @@version

Current User - SELECT SUSER_SNAME() SELECT SYSTEM_USER SELECT IS_SRVROLEMEMBER('sysadmin')

Current Role – SELECT user

Current database - SELECT db_name()

List all databases - SELECT name FROM master..sysdatabases

(If below is run with sysadmin privs - more logins are shown)

All logins on server - SELECT * FROM sys.server_principals WHERE type_desc != 'SERVER_ROLE'

All database users for a database - SELECT * FROM sys.database_principals WHERE type_desc != 'DATABASE_ROLE'

(If below is run with sysadmin privs - more logins are shown)

List all sysadmin - SELECT name,type_desc,is_disabled FROM sys.server_principals WHERE IS_SRVROLEMEMBER ('sysadmin',name) = 1

List all database roles - SELECT DP1.name AS DatabaseRoleName, isnull (DP2.name, 'No members') AS DatabaseUserName FROM sys.database_role_members AS DRM RIGHT OUTER JOIN sys.database_principals AS DP1 ON DRM.role_principal_id = DP1.principal_id LEFT OUTER JOIN sys.database_principals AS DP2 ON DRM.member_principal_id = DP2.principal_id WHERE DP1.type = 'R' ORDER BY DP1.name;

Effective Permissions for the server - SELECT * FROM fn_my_permissions(NULL, 'SERVER');

Effective Permissions for the database - SELECT * FROM fn_my_permissions(NULL, 'DATABASE');

Active user token – SELECT * FROM sys.user_token

Active login token - SELECT * FROM sys.login_token

Previousabusing_sql_server_trusts Next31 SQL

Last updated 3 years ago

Was this helpful?