Description: This video shows the Metasploit module for Microsoft SQL Server Local Authorization Bypass and how Metasploit can add a system user for accessing SQL Server.
Slide: http://www.slideshare.net/nullbind/sql-server-exploitation-escalation-pilfering-appsec-usa-2012?ref=http://www.netspi.com/blog/2012/11/05/owasp-appsec-2012-presentation-sql-server-exploitation-escalation-and-pilfering/
When this module is executed, it can be used to add a sysadmin to local SQL Server instances. It first attempts to gain LocalSystem privileges using the "getsystem" escalation methods. If those privileges are not sufficient to add a sysadmin, then it will migrate to the SQL Server service process associated with the target instance. The sysadmin login is added to the local SQL Server using native SQL clients and stored procedures. If no instance is specified, then the first identified instance will be used.

Why is this possible? By default in SQL Server 2k-2k8, LocalSystem is assigned sysadmin privileges. Microsoft changed the default in SQL Server 2012 so that LocalSystem no longer has sysadmin privileges. However, this can be overcome by migrating to the SQL Server process.
Source: http://www.metasploit.com/modules/post/windows/manage/mssql_local_auth_bypass
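
An audit a SQL Server administrator can run for the condition described above, added here as an example and not taken from the video or the Metasploit module. It assumes SQL Server 2005 or later (catalog views) and that the default trace is enabled.

```sql
-- Added audit example; not part of the video or the Metasploit module.
-- Assumes SQL Server 2005+ and an enabled default trace.

-- 1. Does LocalSystem hold sysadmin on this instance?
--    1 = member, 0 = not a member, NULL = login does not exist.
SELECT IS_SRVROLEMEMBER('sysadmin', N'NT AUTHORITY\SYSTEM')
       AS localsystem_is_sysadmin;

-- 2. Every sysadmin member, newest first, so a recently added
--    login stands out against the approved administrator list.
SELECT m.name,
       m.type_desc,
       m.is_disabled,
       m.create_date,
       m.modify_date,
       CASE
         WHEN m.name = N'NT AUTHORITY\SYSTEM'
           THEN 'LocalSystem: remove from sysadmin unless required'
         WHEN m.name LIKE N'NT SERVICE\%'
           THEN 'service account: expected for engine/agent'
         ELSE 'review against approved admin list'
       END AS note
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r
  ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m
  ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.create_date DESC;

-- 3. sysadmin additions recorded in the default trace
--    (event class 108 = Audit Add Login to Server Role).
--    Reads the current trace file and any later rollover files.
DECLARE @trace nvarchar(260);
SELECT @trace = path FROM sys.traces WHERE is_default = 1;

SELECT t.StartTime,
       t.LoginName       AS added_by,
       t.TargetLoginName AS login_added,
       t.RoleName,
       t.ApplicationName,
       t.HostName
FROM sys.fn_trace_gettable(@trace, DEFAULT) AS t
WHERE t.EventClass = 108
  AND t.RoleName = N'sysadmin'
ORDER BY t.StartTime DESC;
```

In the third result, an addition whose `added_by` is NT AUTHORITY\SYSTEM or the SQL Server service account, rather than a named administrator, is the pattern to review.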
Tags: hacking, hack, sql-server, microsoft