The Database Hacker's Handbook: Defending Database Servers by

System

These procedures access the Windows operating system directly to return information or to manage files and processes.

• xp_availablemedia: Shows the physical drives on the server.
• xp_cmdshell: Allows execution of operating system commands in the security context of the SQL Server service. The most powerful and widely abused stored procedure.
• xp_displayparamstmt: Older versions are vulnerable to buffer overflow attacks. Undocumented, it can be used to execute SQL queries but its original purpose is unclear.
• xp_dropwebtask: Deletes a defined web job (instruction to render the result of a query into an HTML file).
• xp_enumerrorlogs: Displays the error logs used by SQL Server.
• xp_enumgroups: Lists the Windows user groups defined on the server.
• xp_eventlog: Used to read the Windows event logs.
• xp_execresultset: An undocumented procedure used to execute a number of commands passed as a resultset. Can be abused to quickly perform brute-force attacks against passwords if the password dictionary is available as a resultset.
• xp_fileexist: Tests if a specified file exists on the server's filesystem.
• xp_fixeddrives: Returns information about the server's drives and free space.
• xp_getfiledetails: Returns information about a particular file on the server, such as its size/creation date/last modified.
• xp_getnetname: Shows the server's network name. This could allow an attacker to guess the names of other machines on the network.
• xp_grantlogin: Used to grant a Windows user or group access ...