Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support to identify linked/cluster DBMS servers when possible #21

Open
bdamele opened this issue Jun 26, 2012 · 4 comments
Open

Support to identify linked/cluster DBMS servers when possible #21

bdamele opened this issue Jun 26, 2012 · 4 comments
Assignees
@bdamele
Labels
enhancement low plugins
Milestone
1.1

Comments

@bdamele
Copy link
Member

bdamele commented Jun 26, 2012

Identify linked/cluster DBMS servers when possible (e.g. MSSQL)
@ghost ghost assigned bdamele Jun 26, 2012
@chym chym mentioned this issue Nov 10, 2012
Closed
@stamparm
Copy link
Member

stamparm commented Jan 5, 2013

rapid7/metasploit-framework#976

@zeusfnx zeusfnx mentioned this issue May 14, 2014
Closed
@ghost
Copy link

ghost commented Oct 6, 2016
edited by ghost
Loading

Proposed enhancements to MSSQL enumeration:

  1. Add support for linked server enumeration:
  • Proposed cmd: --links
  • Example method: SELECT srvname FROM master..sysservers
  1. Add support for schema enumeration on linked servers:
  • Proposed cmd: -S _LINKEDSERVER_ --dbs
  • Example method: SELECT name FROM _LINKEDSERVER_.master.sys.databases
  1. Add support for sql shell on linked servers.

More info: https://blog.netspi.com/how-to-hack-database-links-in-sql-server/

Thoughts?

@stamparm
Copy link
Member

stamparm commented Oct 6, 2016

@lukapusic doable... though, only MsSQL as I can see. So, introducing too many new options for just one DBMS is a coding anti-pattern in sqlmap

@leechristensen
Copy link

+1 for this. I've had lots of success pillaging through DB links.

FWIW, database links aren't limited to just MSSQL. Oracle has them as well. https://docs.oracle.com/html/E25494_01/ds_concepts002.htm

@vayo8888 vayo8888 mentioned this issue Jul 22, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bdamele bdamele

Labels
enhancement low plugins
Projects
None yet
Milestone
1.1
Development

No branches or pull requests
3 participants
@bdamele @stamparm @leechristensen