Microsoft SQL Server Post-Exploitation - When Databases Attack

Presented at ToorCon San Diego 14 (2012), Oct. 20, 2012, 2 p.m. (50 minutes)

Microsoft SQL Server is a common foothold into most environments vulnerable to SQL Injection attacks or development environments where database passwords are easily harvested.  A lot of methodologies exist for performing a pen-test where SQL has been a point of compromise, but none of them suggest operating entirely inside of SQL for conducting further attacks against the environment.  A fully compromised instance of MS-SQL provides the quintessential example of a single compromise posing significant risk to an environment, where the attacker can operate with an exceptional level of stealth.  This talk demonstrates the usefulness of MS-SQL as an attack platform, as well as the useful information and features that are provided as part of the extended stored procedure functionality of SQL using custom code.

Presenters:

• Rob Beck / whitey   as Rob 'whitey' Beck
  Rob is a security consulting for Casaba Security LLC.  He's previously worked at Attack Research, Honeywell International, Microsoft Corporation, and @stake LLC.  Rob is a career pen-tester and security researcher specializing in attack methodology, vulnerability research, and evasion techniques.

Similar Presentations:

• DEF CON 20 (2012) / SQL ReInjector - Automated Exfiltrated Data Identification
• DEF CON 16 (2008) / Time-Based Blind SQL Injections Using Heavy Queries: A Practical Approach to MS SQL Server, MS Acess, Oracle, MySQL Databases and Marathon Tool
• ToorCon: Seattle 2013 / The 20-minute simple SQL rootkit