Scott Sutherland nullbind
nullbind
/ SQL Server - Making a DAC connection via SQLi using ad-hoc queries
Last active
September 16, 2019 04:58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Making a DAC connection via SQLi or direct connection using ad-hoc queries | |
| -- Verify that we don't have access to hidden SQL Server system tables - returns msg 208 "Invalid object name 'sys.sysrscols'." | |
| SELECT * FROM sys.sysrscols | |
| -- Enable ad hoc queries (disabled by default) | |
| -- Note: Changing this configuration requires sysadmin privileges. | |
| -- Note: For sqli this can be placed into a stored procedure or binary encoded+executed with exec |
nullbind
/ SQL Server - List Privileges
Created
March 11, 2016 18:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Returns server level privileges. | |
| -- Reference: http://msdn.microsoft.com/en-us/library/ms186260.aspx | |
| SELECT GRE.name AS Grantee | |
| ,GRO.name AS Grantor | |
| ,PER.class_desc AS PermClass | |
| ,PER.permission_name AS PermName | |
| ,PER.state_desc AS PermState | |
| ,COALESCE(PRC.name, EP.name, N'') AS ObjectName | |
| ,COALESCE(PRC.type_desc, EP.type_desc, N'') AS ObjectType | |
| FROM [sys].[server_permissions] AS PER |
nullbind
/ SQL Server - List Enabled Audit Specifications
Created
March 11, 2016 18:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- List enabled server specifications | |
| SELECT audit_id, | |
| a.name as audit_name, | |
| s.name as server_specification_name, | |
| d.audit_action_name, | |
| s.is_state_enabled, | |
| d.is_group, | |
| d.audit_action_id, | |
| s.create_date, | |
| s.modify_date |
NewerOlder