MS SQL Server is widely used in enterprise networks. Due to its use by third party applications, support for legacy applications and use as a database, SQL Server is a treasure trove for attackers. It gets integrated with in an active directory environment very well, which makes it an attractive target for abuse of features and privileges.
In this training, we will see that how to attack a SQL Server not only as an individual service but as a part of the enterprise network. We will discuss the mutual trust which SQL Server has with domain, users and how linked SQL Servers can be abused. We will perform enumeration and scanning, privilege escalation and post exploitation tasks like Domain Privilege Escalation, identifying juicy information, Command Execution, retrieving system secrets, lateral movement, persistence and more.
Course Syllabus:
- SQL Server in Windows Domain
- SQL Server Roles and Privileges
- Introduction to PowerShell
- Discovery, Enumeration and Scanning
- Brute Force Attacks
- Privilege Escalation
- OS Command Execution
- Retrieving System Secrets
- Mapping and abusing domain trust
- Lateral Movement
- Database Links
- Persistence
- Identifying Juicy Information
- Defenses
You will learn
- Understanding SQL server and its domain integration
- Discovering SQL servers with and without network port scanning
- Attacking SQL servers
- Performing OS Command Execution
- Performing post exploitation tasks like Privilege Escalation, Trust abuse, retrieving system secrets, lateral movement and more
- Attacking and accessing other SQL Servers from the foothold SQL Server
- Defenses
