MSSQL-Attacks for red teamers (Lab Setup – Part 3)




#MSSQL service #attacks are very common during an #Active-Directory security #assessment. In this series I will guide you through building and exploiting an MSSQL service within an Active Directory environment.

In this video I added misconfigurations to a SQL Server instance that an attacker could easily exploit. Exploitation will be covered in the next and final part.
================= Commands =================
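```
/* Create logins */
CREATE LOGIN [ROBENSIVE-LABS\sqluser] FROM WINDOWS;
CREATE USER [ROBENSIVE-LABS\sqluser] FOR LOGIN [ROBENSIVE-LABS\sqluser];
GO
CREATE LOGIN [ROBENSIVE-LABS\sqladmin] FROM WINDOWS;
CREATE USER [ROBENSIVE-LABS\sqladmin] FOR LOGIN [ROBENSIVE-LABS\sqladmin];
GO

/* Create one database per login */
CREATE DATABASE sqluserdb;
CREATE DATABASE sqladmindb;
GO
USE sqluserdb;
GO
/* The grantee must exist as a user in this database before database-level permissions can be granted */
CREATE USER [ROBENSIVE-LABS\sqluser] FOR LOGIN [ROBENSIVE-LABS\sqluser];
GRANT EXEC, SELECT, INSERT, UPDATE, DELETE ON DATABASE::sqluserdb TO [ROBENSIVE-LABS\sqluser];
GO

USE sqladmindb;
GO
CREATE USER [ROBENSIVE-LABS\sqladmin] FOR LOGIN [ROBENSIVE-LABS\sqladmin];
GRANT EXEC, SELECT, INSERT, UPDATE, DELETE ON DATABASE::sqladmindb TO [ROBENSIVE-LABS\sqladmin];
GO

/* User impersonation (lab misconfiguration); login-level grants must be issued from master */
USE master;
GO
GRANT IMPERSONATE ON LOGIN::[ROBENSIVE-LABS\sqladmin] TO [ROBENSIVE-LABS\sqluser];
GRANT IMPERSONATE ON LOGIN::[ROBENSIVE-LABS\rob] TO [ROBENSIVE-LABS\sqladmin];
GRANT IMPERSONATE ON LOGIN::[sa] TO [ROBENSIVE-LABS\sqladmin];
GO

/* dbo impersonation in msdb (lab misconfiguration); the grantee needs a user in msdb */
USE msdb;
GO
CREATE USER [ROBENSIVE-LABS\sqluser] FOR LOGIN [ROBENSIVE-LABS\sqluser];
GRANT IMPERSONATE ON USER::dbo TO [ROBENSIVE-LABS\sqluser];
GO

/* Linked server: every local login is mapped to the remote sa account (lab misconfiguration) */
USE master;
GO
EXEC sp_addlinkedserver @server='DC01', @srvproduct='SQL Server';
EXEC sp_addlinkedsrvlogin @rmtsrvname=N'DC01', @useself=N'False', @locallogin=NULL, @rmtuser=N'sa', @rmtpassword='Admin@123';
GO
```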
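To confirm the lab state after running the commands above, or to audit a real instance for the same three misconfigurations, the read-only queries below list login-level IMPERSONATE grants, IMPERSONATE grants on users in msdb, and linked servers that use a stored remote login. This is an added example, not part of the original video or its command list; it uses only SQL Server catalog views and assumes it is run by a sysadmin so that all metadata is visible.

```sql
-- Added audit example: read-only catalog queries (assumption: run as sysadmin).

-- 1. Logins that may impersonate another login (EXECUTE AS LOGIN).
USE master;
GO
SELECT grantee.name AS can_impersonate,
       target.name  AS impersonated_login,
       IS_SRVROLEMEMBER('sysadmin', target.name) AS target_is_sysadmin,
       perm.state_desc
FROM sys.server_permissions AS perm
JOIN sys.server_principals  AS grantee ON grantee.principal_id = perm.grantee_principal_id
JOIN sys.server_principals  AS target  ON target.principal_id  = perm.major_id
WHERE perm.class = 101                   -- securable is a server principal
  AND perm.permission_name = 'IMPERSONATE'
  AND perm.state IN ('G', 'W');          -- GRANT or GRANT WITH GRANT OPTION
GO

-- 2. Users in msdb that may impersonate another user (EXECUTE AS USER).
--    A grant on dbo is the case set up in the lab.
USE msdb;
GO
SELECT DB_NAME()    AS database_name,
       grantee.name AS can_impersonate,
       target.name  AS impersonated_user,
       perm.state_desc
FROM sys.database_permissions AS perm
JOIN sys.database_principals  AS grantee ON grantee.principal_id = perm.grantee_principal_id
JOIN sys.database_principals  AS target  ON target.principal_id  = perm.major_id
WHERE perm.class = 4                     -- securable is a database principal
  AND perm.permission_name = 'IMPERSONATE'
  AND perm.state IN ('G', 'W');
GO

-- 3. Linked servers whose login mapping uses a stored remote credential
--    instead of the caller's own identity.
USE master;
GO
SELECT srv.name        AS linked_server,
       srv.data_source,
       srv.is_rpc_out_enabled,
       COALESCE(loc.name, '<all local logins>') AS local_login,
       ll.remote_name  AS remote_login
FROM sys.servers            AS srv
JOIN sys.linked_logins      AS ll  ON ll.server_id = srv.server_id
LEFT JOIN sys.server_principals AS loc ON loc.principal_id = ll.local_principal_id
WHERE srv.is_linked = 1
  AND ll.uses_self_credential = 0;       -- fixed remote login, not pass-through
GO
```

On the lab instance, query 1 should return the three login grants, query 2 the dbo grant in msdb, and query 3 the DC01 mapping with `remote_login` = sa for all local logins. On a production instance, each returned row is a privilege path to review and, where not required, revoke.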
================= Chapters =================

00:00 – Intro
00:09 – An Overview
03:15 – Add Domain-users
06:29 – Creating and granting DB
09:28 – User Impersonation
14:59 – DBO Impersonation
18:14 – Setting up Linked Server
21:04 – Validation (Linked Server)
22:36 – Linked Server login
26:58 – Mystikcon 2022