From: Roman Medina (roman@rs-labs.com)
Date: Wed Feb 19 2003 - 19:28:07 EST
On Wed, 19 Feb 2003 23:22:06 -0800, you wrote:
>>.....The goal is to elevate priviledges.
>
>>How would you achieve this? ...
>
>You need to take a look at OPENROWSET:
>
>' UNION SELECT * FROM
>OPENROWSET('SQLOLEDB','localhost';'sa';'testpass','SELECT @@version')--
>
>Adhoc queries need to be enabled, though.
Hi David,
I had tried this and it worked / works:
Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[Microsoft][ODBC SQL Server Driver][SQL Server]Error de inicio de
sesión del usuario 'sa'.
Error msg is in Spanish but it seems ok: it tries to login with 'sa'
user but the password isn't correct. My question was about how to
automatize this.
Is there any form of SQL script that could be injected to perform the
brute force attack? I mean, I'm looking for some kind of semi-complex
SQL sentence which should generate character combinations becoming a
new possible password, and then it should try to use the password in a
sentence like the one you submitted. The script must be executed
locally in the victim server, through SQL injection hole.
Thanks again and excuse me if I didn't explain the problem well.
Regards,
--Roman
-- PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ] ---------------------------------------------------------------------------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. http://www.securityfocus.com/core
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:28 EDT