Skip to content

Instantly share code, notes, and snippets.

@james-otten
james-otten / sp_execute_external_script_in_python.md
Last active August 21, 2021 14:32
Executing Python inside MSSQL using sp_execute_external_script

Executing Python in MSSQL

MSSQL 2017 includes Microsoft Machine Learning Services, which allows for the execution of Python and R scripts within MSSQL via sp_execute_external_script. This is an expansion of the functionality available in MSSQL 2016, which allowed for the execution of R scripts with SQL Server R Services. Examples of how to abuse this functionality with R scripts are available elsewhere.

To execute Python code:

  • Machine Learning Services (In-Database) and Python must have been selected during installation
  • External scripts must be enabled
    • EXEC sp_configure 'external scripts enabled', 1
    • RECONFIGURE WITH OVERRIDE
    • Restart the database server
  • The user must have EXECUTE ANY EXTERNAL SCRIPT
@james-otten
james-otten / uneven_markdown_quotes.sh
Created August 27, 2017 00:39
Uneven markdown quotes
#!/bin/bash
for DOC in $(find metasploit-framework/documentation -type f -name '*.md'); do
quotes=$(grep -o \`\`\` $DOC | wc -l)
if [ "$(($quotes % 2))" != "0" ]; then
echo $DOC $quotes
fi
done
@james-otten
james-otten / nikto_dev.md
Created October 16, 2019 01:40
Workflow for adding new nikto tests

Add nikto tests

  • Add new tests nano -L program/databases/udb_tests
  • Test just the new tests ./nikto.pl -Userdbs tests -Plugins tests -Display V -host https://example.com
  • Move the new tests to the db cat udb_tests >> db_tests
@james-otten
james-otten / keybase.md
Created December 18, 2019 05:26
keybase.md

Keybase proof

I hereby claim:

  • I am james-otten on github.
  • I am jamesotten (https://keybase.io/jamesotten) on keybase.
  • I have a public key ASAbhH3qh6bJTEWb6Q-lGcRQsS154onwIZdxXYktue8I9go

To claim this, I am signing this object:

@james-otten
james-otten / xss.md
Last active December 15, 2020 06:27
SolarWinds Database Performance Analyzer Various XSS

SolarWinds Database Performance Analyzer Various XSS CVE-2018-16243

James Otten 8/30/2018

All items tested in versions 11.1.468 and 12.0.3074.

logViewer.iwc

Instance 1

  • As a low privileged read only user, navigate to /iwc/reports.iwc?repo_id=1&db_id=&filterDbId=<svg/onload=alert(/error_log/)>&type=&pm=P
  • As a privileged user, go to /iwc/logViewer.iwc and view the contents of the iwc or error log.
  • XSS experienced.