NetSPI Blog

OWASP AppSec 2012 Presentation: SQL Server Exploitation, Escalation, and Pilfering

Scott Sutherland
November 5th, 2012

Antti and I had a great time presenting “SQL Server Exploitation, Escalation, and Pilfering” at the OWASP AppSec 2012 conference in Austin a few weeks ago. Thank you to everyone who came out. The attendance and feedback were very much appreciated. For those of you who couldn’t make it, we’ve put together this blog to provide access to the presentation slides, Metasploit modules, and demo videos we released at the conference.  Also, we’ll be presenting it as a webinar on November 15, 2012.  You should be able sign up on the NetSPI website if you’re interested. I would also like to call out that there were quite a few great talks at the conference. It sounds like the videos will be released in a few weeks. My guess is that they will let people know via or the appsecusa Twitter feed. I recommend checking them out.

Presentation Summary and Slides

Below is a summary description our presentation slide deck. If you’re interested in downloading it you can grab it from here or you can view it on Slideshare. During this presentation attendees will be introduced to lesser known, yet significant vulnerabilities in SQL Server implementations related to common trust relationships, misconfigurations, and weak default settings. The issues that will be covered are often leveraged by attackers to gain unauthorized access to high value systems, applications, and sensitive data. An overview of each issue, common vectors of attack, and manual techniques will be covered. Finally newly created Metasploit modules and TSQL scripts will be demonstrated that help automate the attacks. This presentation will be valuable to penetration testers who are looking for faster ways to gain access to critical data and systems. Additionally, it should be worth while for developers and database administrators who are interested in gaining a better understanding of how to protect their applications and databases from these attacks.

Metasploit Modules, Scripts, and Videos Released

  1. Microsoft SQL Server Authorization Bypass
    1. Metasploit Module (currently in Metasploit)
    2. Video Demo
  2. Microsoft SQL Server – Find and Sample Data
    1. Metasploit Module (currently in Metasploit)
    2. Original TSQL Script
    3. Video Demo
  3. Microsoft SQL Server NTLM Stealer
    1. Metasploit Module (currently in Metasploit)
  4. Microsoft SQL Server NTLM Stealer SQLi
    1. Metasploit Module (currently in Metasploit)
    2. Video Demo
  5. Microsoft SQL Database Link Crawler
    1. Metasploit Module (Submitted to Metasploit)
  6. Microsoft SQL Database Link Crawler SQLi
    1. Metasploit Module Download (Submitted to Metasploit)
    2. Video Demo
  7. Microsoft SQL Shared Services Script
    1. TSQL Script Download

Wrap Up

Eventually Antti and I will provide more detailed blogs for each of the attacks we included in the presentation.  My hope is that we’ll also find the time to write some data scraper modules for database links. If anyone has any questions, comments, or corrections please feel free to contact me.   In mean time, have fun and hack responsibly.

Leave a Reply

Be the First to Comment!

Notify of