hi evry1
i'm trying to code a little sql t00l and came up with an idea ...
With MSSQL Server you have the ability to store binary data like images in a table ..
but what if you would abuse this ability !??
the theory is as follows :
(1) create a table in the victim's DB to store the file-data
(2) create a record in that table that could store binary data
(3) convert the file-data into the correct format for the record at (2)
(4) remotely insert the file-data into that record
(5) coerce the victim machine to locally export that data into a file
(6) remove the table created at (1) and tidy up.
this would give me the ability to transfer binary data without touching
xp_cmdshell, or am i wrong ?
do you think this is possible ?
yeah i know the data transfer would be a bit slow i think ;=)
but enough 4 example nc.exe or ??
what do you think??
is this possible ??
thank you for any help
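
Seen from the defending side, steps (1), (4) and (6) leave a recognisable sequence in statement auditing even though xp_cmdshell never appears: a table with a binary column is created, filled and dropped by one session within a short time. The following is an added example, not part of the original post, that flags that sequence; the trace format, the table names and the 10-minute window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed audit-trace lines (not from the post): timestamp|session id|statement
SAMPLE_TRACE = """\
2024-05-01T10:00:00|51|CREATE TABLE dbo.tmp_blob (id int, data image)
2024-05-01T10:00:02|51|INSERT INTO dbo.tmp_blob (id, data) VALUES (@p1, @p2)
2024-05-01T10:00:03|51|INSERT INTO dbo.tmp_blob (id, data) VALUES (@p1, @p2)
2024-05-01T10:00:09|51|DROP TABLE dbo.tmp_blob
2024-05-01T10:01:00|52|CREATE TABLE dbo.product_photos (id int, photo varbinary(max))
2024-05-01T10:01:05|52|INSERT INTO dbo.product_photos (id, photo) VALUES (@p1, @p2)
2024-05-01T10:02:00|53|CREATE TABLE dbo.scratch (id int, note varchar(50))
2024-05-01T10:02:01|53|DROP TABLE dbo.scratch
"""

CREATE_RE = re.compile(r"create\s+table\s+([\w.\[\]#]+)\s*\((.*)\)", re.I | re.S)
BINARY_RE = re.compile(r"\b(image|varbinary|binary)\b", re.I)
INSERT_RE = re.compile(r"insert\s+(?:into\s+)?([\w.\[\]#]+)", re.I)
DROP_RE = re.compile(r"drop\s+table\s+([\w.\[\]#]+)", re.I)

def find_staging_tables(trace, max_lifetime=timedelta(minutes=10)):
    """Return (session, table, insert_count, lifetime_seconds) for every table
    with a binary column that one session created, filled and dropped
    within max_lifetime."""
    live = {}       # (session, table) -> {"created": datetime, "inserts": int}
    findings = []
    for line in trace.strip().splitlines():
        ts, session, sql = line.split("|", 2)
        ts = datetime.fromisoformat(ts)
        if m := CREATE_RE.search(sql):
            # Only track tables whose column list can hold binary data.
            if BINARY_RE.search(m.group(2)):
                live[(session, m.group(1).lower())] = {"created": ts, "inserts": 0}
        elif m := INSERT_RE.search(sql):
            entry = live.get((session, m.group(1).lower()))
            if entry:
                entry["inserts"] += 1
        elif m := DROP_RE.search(sql):
            entry = live.pop((session, m.group(1).lower()), None)
            # Flag only tables that received data and lived briefly.
            if entry and entry["inserts"] and ts - entry["created"] <= max_lifetime:
                lifetime = (ts - entry["created"]).total_seconds()
                findings.append((session, m.group(1), entry["inserts"], lifetime))
    return findings

if __name__ == "__main__":
    for finding in find_staging_tables(SAMPLE_TRACE):
        print(finding)
```

The long-lived `product_photos` table and the text-only `scratch` table are not reported; only the short-lived binary table from session 51 is.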