9 Compromising Microsoft SQL Server

This chapter will focus on a common and vital service of a typical Windows-based environment – Microsoft SQL Server. SQL Server is a relational database management system, similar to Oracle or MySQL. It is tightly integrated into Active Directory, allowing Windows authentication, the use of trust relationships, and much more. We will go through the usual attack steps, starting with the discovery and enumeration of instances in a target environment. A few different tools can help with these activities. Then, we will explore the ways to escalate privileges within SQL Server and then move on to run commands on the underlying operating system. This chapter will provide you with a solid understanding of lateral ...

Get Pentesting Active Directory and Windows-based Infrastructure now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Pentesting Active Directory and Windows-based Infrastructure by Denis Isakov

9

Compromising Microsoft SQL Server

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly