Ejemplo n.º 1
0
        protected bool _CheckPrivilege()
        {
            if (!SQLSysadminCheck.Query(instance, computerName, credentials))
            {
                SQLDatabaseRoleMember sDRM = new SQLDatabaseRoleMember(credentials);
                sDRM.SetComputerName(computerName);
                sDRM.SetInstance(instance);
                sDRM.SetDatabase("msdb");
                sDRM.Query();
                foreach (var row in sDRM.GetResults())
                {
#if DEBUG
                    Console.WriteLine(row.RolePrincipalName);
#endif
                    if (roles.Contains(row.RolePrincipalName))
                    {
#if DEBUG
                        Console.WriteLine(row.PrincipalName + "\t" + Environment.UserDomainName + "\\" + Environment.UserName);
#endif
                        if (row.PrincipalName.ToString().ToUpper() == Environment.UserDomainName + "\\" + Environment.UserName)
                        {
                            return(true);
                        }
                    }
                }
            }
            else
            {
                return(true);
            }

            return(false);
        }
Ejemplo n.º 2
0
        internal void Query(string query)
        {
            if (!SQLSysadminCheck.Query(instance, computerName, credentials))
            {
                Console.WriteLine("[-] User is not SysAdmin");
                return;
            }
            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                if (!sql.Connect())
                {
                    return;
                }

                int sao_value = (int)_Query(sql, @"sp_configure 'Show Advanced Options'", "config_value");
                if (0 == sao_value)
                {
                    Console.WriteLine("{0} : Show Advanced Options is disabled, enabling.", instance);
                    _Query(sql, @"sp_configure 'Show Advanced Options',1;RECONFIGURE", string.Empty);
                }

                int xcs_value = (int)_Query(sql, @"sp_configure 'Ole Automation Procedures'", "config_value");
                if (0 == xcs_value)
                {
                    Console.WriteLine("{0} : Ole Automation Procedures is disabled, enabling.", instance);
                    _Query(sql, @"sp_configure 'Ole Automation Procedures',1;RECONFIGURE", string.Empty);
                }

                StringBuilder sb = new StringBuilder();
                sb.Append(QUERY1_1);
                sb.Append(string.Format("EXEC Sp_oamethod @shell, \'run\' , null, \'cmd.exe /c \"{0} > {1}\"\'", query, fileName));
                Console.WriteLine(App.DELIMITER);
                Console.WriteLine((string)_Query(sql, sb.ToString(), string.Empty));
                Console.WriteLine(App.DELIMITER);

                System.Threading.Thread.Sleep(1000);
                sb.Clear();
                sb.Append(QUERY2_1);
                sb.Append(string.Format("EXEC Sp_oamethod @fso, \'opentextfile\' , @file Out, \'{0}\', 1", fileName));
                sb.Append(QUERY2_3);
                sb.Append(string.Format("EXEC sp_oamethod @o, \'opentextfile\', @f out, \'{0}\', 1", fileName));
                sb.Append(QUERY2_5);
                Console.WriteLine((string)_Query(sql, sb.ToString(), "output"));

                sb.Clear();
                sb.Append(QUERY3_1);
                sb.Append(string.Format("EXEC Sp_oamethod @Shell, \'run\' , null, \'cmd.exe /c \"del {0}\"\' , \'0\' , \'true\'", fileName));
                Console.WriteLine((string)_Query(sql, sb.ToString(), string.Empty));

                if (0 == xcs_value && restoreState)
                {
                    _Query(sql, @"sp_configure 'Ole Automation Procedures',0;RECONFIGURE", string.Empty);
                }
                if (0 == sao_value && restoreState)
                {
                    _Query(sql, @"sp_configure 'Show Advanced Options',0;RECONFIGURE", string.Empty);
                }
            }
        }
Ejemplo n.º 3
0
        internal void Query(string query)
        {
            if (!SQLSysadminCheck.Query(instance, computerName, credentials))
            {
                Console.WriteLine("[-] User is not SysAdmin");
                return;
            }
            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                if (!sql.Connect())
                {
                    return;
                }

                int sao_value = (int)_Query(sql, @"sp_configure 'Show Advanced Options'", "config_value");
                if (0 == sao_value)
                {
                    Console.WriteLine("{0} : Show Advanced Options is disabled, enabling.", instance);
                    _Query(sql, @"sp_configure 'Show Advanced Options',1;RECONFIGURE", string.Empty);
                }
                else
                {
                    Console.WriteLine("{0} : Show Advanced Options is enabled.", instance);
                }

                int xcs_value = (int)_Query(sql, @"sp_configure 'xp_cmdshell'", "config_value");
                if (0 == xcs_value)
                {
                    Console.WriteLine("{0} : xp_cmdshell is disabled, enabling.", instance);
                    _Query(sql, @"sp_configure 'xp_cmdshell',1;RECONFIGURE", string.Empty);
                }
                else
                {
                    Console.WriteLine("{0} : xp_cmdshell is enabled.", instance);
                }

                Console.WriteLine(App.DELIMITER);
                Console.WriteLine((string)_Query(sql, string.Format("EXEC master..xp_cmdshell \'{0}\'", query), "output"));
                Console.WriteLine(App.DELIMITER);

                if (0 == xcs_value && restoreState)
                {
                    Console.WriteLine("{0} : Disabling xp_cmdshell.", instance);
                    _Query(sql, @"sp_configure 'xp_cmdshell',0;RECONFIGURE", string.Empty);
                }

                if (0 == sao_value && restoreState)
                {
                    Console.WriteLine("{0} : Disabling Show Advanced Options.", instance);
                    _Query(sql, @"sp_configure 'Show Advanced Options',0;RECONFIGURE", string.Empty);
                }
            }
        }
Ejemplo n.º 4
0
        internal void Query(string query)
        {
            if (!SQLSysadminCheck.Query(instance, computerName, credentials))
            {
                Console.WriteLine("[-] User is not SysAdmin");
                return;
            }
            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                if (!sql.Connect())
                {
                    return;
                }

                int sao_value = (int)_Query(sql, @"sp_configure 'Show Advanced Options'", "config_value");
                if (0 == sao_value)
                {
                    _Query(sql, @"sp_configure 'Show Advanced Options',1;RECONFIGURE", string.Empty);
                }

                int xcs_value = (int)_Query(sql, @"sp_configure 'external scripts enabled'", "config_value");
                if (0 == xcs_value)
                {
                    _Query(sql, @"sp_configure 'external scripts enabled',1;RECONFIGURE", string.Empty);
                }

                StringBuilder sb = new StringBuilder();
                sb.Append(QUERY1_1);
                sb.Append(string.Format("p = subprocess.Popen(\"cmd.exe /c {0}\", stdout=subprocess.PIPE)\n", query));
                sb.Append(QUERY1_3);
                sb.Append(QUERY1_4);
#if DEBUG
                Console.WriteLine(sb.ToString());
#endif
                Console.WriteLine(App.DELIMITER);
                Console.WriteLine((string)_Query(sql, sb.ToString(), "output"));
                Console.WriteLine(App.DELIMITER);

                if (0 == xcs_value && restoreState)
                {
                    _Query(sql, @"sp_configure 'external scripts enabled',0;RECONFIGURE", string.Empty);
                }
                if (0 == sao_value && restoreState)
                {
                    _Query(sql, @"sp_configure 'Show Advanced Options',0;RECONFIGURE", string.Empty);
                }
            }
        }
Ejemplo n.º 5
0
        internal override bool Query()
        {
            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                if (!sql.Connect())
                {
                    return(false);
                }

                if (!SQLSysadminCheck.Query(instance, computerName, credentials))
                {
                    Console.WriteLine("[-] User is not Sysadmin");
                    return(false);
                }

                SQLServerInfo i = new SQLServerInfo(credentials);
                i.SetInstance(instance);
                i.Query();
                SQLServerInfo.Details d = i.GetResults();

                int versionShort;
                if (!int.TryParse(d.SQLServerMajorVersion.Split('.').First(), out versionShort))
                {
                    Console.WriteLine("[-] Unable to ascertain SQL Version");
                    Console.WriteLine("[*] It is possible to override this with the --version flag");
                    return(false);
                }

                string query = string.Empty;
                if (8 < versionShort)
                {
                    query = QUERY1_1;
                }
                else
                {
                    query = QUERY2_1;
                }

                //table = sql.Query(query);
                hashes = sql.Query <Hash>(query, new Hash());
            }
            return(false);
        }
Ejemplo n.º 6
0
        internal override bool Query()
        {
            bool isSysAdmin = false;

            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                if (!sql.Connect())
                {
                    return(false);
                }

                isSysAdmin = SQLSysadminCheck.Query(instance, computerName, credentials);

                string query = query1_1;
                if (isSysAdmin)
                {
                    query += query1_2;
                }
                query += string.Format("SELECT  \'{0}\' as [ComputerName],\n", computerName);;
                query += query1_4;
                if (isSysAdmin)
                {
                    query += query1_5;
                }
                query += query1_6;

                table = sql.Query(query);
            }

            foreach (DataRow row in table.AsEnumerable())
            {
                try
                {
                    details = new Details
                    {
                        ComputerName           = (string)row["ComputerName"],
                        Instance               = (string)row["Instance"],
                        DomainName             = (string)row["DomainName"],
                        ServiceProcessID       = (int)row["ServiceProcessID"],
                        ServiceName            = (string)row["ServiceName"],
                        ServiceAccount         = (string)row["ServiceAccount"],
                        AuthenticationMode     = (string)row["AuthenticationMode"],
                        ForcedEncryption       = (int)row["ForcedEncryption"],
                        Clustered              = (string)row["Clustered"],
                        SQLServerVersionNumber = (string)row["SQLServerVersionNumber"],
                        SQLServerMajorVersion  = (string)row["SQLServerMajorVersion"],
                        SQLServerEdition       = (string)row["SQLServerEdition"],
                        SQLServerServicePack   = (string)row["SQLServerServicePack"],
                        OSArchitecture         = (string)row["OSArchitecture"],
                        OsVersionNumber        = (string)row["OsVersionNumber"],
                        Currentlogin           = (string)row["Currentlogin"]
                    };

                    if (isSysAdmin)
                    {
                        details.OsMachineType = (string)row["OsMachineType"];
                        details.OSVersionName = (string)row["OSVersionName"];
                    }
#if DEBUG
                    Misc.PrintStruct <Details>(details);
#endif
                    return(true);
                }
                catch (Exception ex)
                {
                    if (ex is ArgumentNullException)
                    {
                        Console.WriteLine("Empty Response");
                    }
                    else
                    {
                        Console.WriteLine(ex.Message);
                    }
                    return(false);
                }
            }
            return(false);
        }
Ejemplo n.º 7
0
        internal override bool Query()
        {
            bool isSysAdmin = false;

            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                if (!sql.Connect())
                {
                    return(false);
                }

                isSysAdmin = SQLSysadminCheck.Query(instance, computerName, credentials);

                StringBuilder sb = new StringBuilder();
                sb.Append(string.Format("USE master;\nSELECT  \'{0}\' as [ComputerName],\n\'{1}\' as [Instance],", computerName, instance));
                sb.Append(QUERY1_2);
                if (!string.IsNullOrEmpty(credentialFilter))
                {
                    sb.Append(credentialFilter);
                }
#if DEBUG
                Console.WriteLine(sb.ToString());
#endif
                //table = sql.Query(sb.ToString());
                serverCredentials = sql.Query <ServerCredential>(sb.ToString(), new ServerCredential());
            }

            /*
             * foreach (DataRow row in table.AsEnumerable())
             * {
             *  try
             *  {
             *      ServerCredential sc = new ServerCredential
             *      {
             *          ComputerName = (string)row["ComputerName"],
             *          Instance = (string)row["Instance"],
             *          credential_id = (int)row["credential_id"],
             *          CredentialName = (string)row["CredentialName"],
             *          credential_identity = (string)row["credential_identity"],
             *          create_date = (DateTime)row["create_date"],
             *          modify_date = (DateTime)row["modify_date"],
             *          target_type = (string)row["target_type"],
             *          target_id = (int)row["target_id"]
             *      };
             #if DEBUG
             *      Misc.PrintStruct<ServerCredential>(sc);
             #endif
             *      serverCredentials.Add(sc);
             *      return true;
             *  }
             *  catch (Exception ex)
             *  {
             *      if (ex is ArgumentNullException)
             *          Console.WriteLine("Empty Response");
             *      else
             *          Console.WriteLine(ex.Message);
             *      return false;
             *  }
             * }
             */
            return(false);
        }
Ejemplo n.º 8
0
        internal override bool Query()
        {
            bool isSysAdmin = false;

            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                if (!sql.Connect())
                {
                    return(false);
                }

                isSysAdmin = SQLSysadminCheck.Query(instance, computerName, credentials);

                StringBuilder sb = new StringBuilder();
                sb.Append(QUERY1_1);
                if (isSysAdmin)
                {
                    sb.Append(QUERY1_2);
                }
                sb.Append(QUERY1_3);
                if (isSysAdmin)
                {
                    sb.Append(QUERY1_4);
                }
#if DEBUG
                Console.WriteLine(sb.ToString());
#endif
                //table = sql.Query(sb.ToString());
                serverLogins = sql.Query <ServerLogin>(sb.ToString(), new ServerLogin());
            }

            /*
             * foreach (DataRow row in table.AsEnumerable())
             * {
             *  try
             *  {
             *      ServerLogin sl = new ServerLogin
             *      {
             *          ComputerName = computerName,
             *          Instance = instance,
             *          DBEngineLogin = (string)row["DBEngineLogin"],
             *          AgentLogin = (string)row["AgentLogin"],
             *          BrowserLogin = (string)row["BrowserLogin"],
             *          WriterLogin = (string)row["WriterLogin"],
             *          AnalysisLogin = (object)row["AnalysisLogin"],
             *          ReportLogin = (object)row["ReportLogin"],
             *          IntegrationLogin = (object)row["IntegrationLogin"]
             *      };
             #if DEBUG
             *      Misc.PrintStruct<ServerLogin>(sl);
             #endif
             *      serverLogins.Add(sl);
             *      return true;
             *  }
             *  catch (Exception ex)
             *  {
             *      if (ex is ArgumentNullException)
             *          Console.WriteLine("Empty Response");
             *      else
             *          Console.WriteLine(ex.Message);
             *      return false;
             *  }
             * }
             */
            return(true);
        }