Exemplos de XpDirTree em C# (CSharp)

Linguagem de programação: C# (CSharp)

Classe / Tipo: XpDirTree

Exemplos em hotexamples.com: 2

XpDirTree em C# (CSharp) - 2 exemplos encontrados. Esses são os exemplos do mundo real mais bem avaliados de XpDirTree em C# (CSharp) extraídos de projetos de código aberto. Você pode avaliar os exemplos para nos ajudar a melhorar a qualidade deles.

Relacionados

IBitIndexer

MSFHeader

textfilecontent54_object

ItemNameDescriptionRec

ISqlCrudProvider

GMacValueAccessGenerator

TagSearchCondition

F94_2ProductCollection

BookingTicketContext

DataProvider

Related in langs

BookShelf (PHP)

Report (PHP)

doDelayDestroy (C++)

class_lookup (C++)

GetGMTime (Go)

Mdb (Go)

Logo (Java)

PsiFormatUtil (Java)

iterate_message_fields (Python)

get_clusters_from_fasta_filepath (Python)

Exemplo n.º 1

0

Exibir arquivo

Arquivo: SQLAuditPrivCreateProcedure.cs Projeto: vysecurity/DAFT

internal override bool Query() { SQLServerInfo i = new SQLServerInfo(credentials); i.SetInstance(instance); i.Query(); var info = i.GetResults(); SQLDatabase db = new SQLDatabase(credentials); db.EnableHasAccessFilter(); db.Query(); SQLDatabasePriv priv = new SQLDatabasePriv(credentials); priv.SetInstance(instance); priv.SetPermissionNameFilter("CREATE PROCEDURE"); var dbPrivs = new List <SQLDatabasePriv.DatabasePrivilege>(); foreach (var d in db.GetResults()) { priv.SetDatabase(d.DatabaseName); priv.Query(); foreach (var pr in priv.GetResults()) { dbPrivs.Add(pr); } } List <string> principals = new List <string>(); SetPrincipalNameFilter(info.Currentlogin); base.Query(); foreach (var s in serverRoles) { principals.Add(s.PrincipalName); } principals.Add(info.Currentlogin); principals.Add("Public"); priv.SetPermissionNameFilter("ALTER"); priv.SetPermissionTypeFilter("SCHEMA"); foreach (string principal in principals) { priv.SetPrincipalNameFilter(principal); foreach (var dbp in dbPrivs) { priv.SetDatabase(dbp.DatabaseName); priv.Query(); foreach (var asPriv in priv.GetResults()) { if (dbp.PrincipalName.Contains(principal)) { var s = new XpDirTree { ComputerName = computerName, Instance = instance, Vulnerability = "Permission - CREATE PROCEDURE", Description = "The login has privileges to create stored procedures in one or more databases. This may allow the login to escalate privileges within the database.", Remediation = "If the permission is not required remove it. Permissions are granted with a command like: GRANT CREATE PROCEDURE TO user, and can be removed with a command like: REVOKE CREATE PROCEDURE TO user", Severity = "Medium", IsVulnerable = "Yes", IsExploitable = "Unknown", Exploited = "No", ExploitCmd = "No exploit is currently available that will allow the current user to become a sysadmin.", Reference = @"https://msdn.microsoft.com/en-us/library/ms187926.aspx?f=255&MSPPError=-2147217396", Details = string.Format("The {0} principal has EXECUTE privileges on the {1} procedure in the master database.", principal, xp) }; spExecuteAs.Add(s); } } } } return(true); }

Exemplo n.º 2

0

Exibir arquivo

Arquivo: SQLAuditPrivXp.cs Projeto: xinyuweb/DAFT

internal override bool Query() { SQLServerInfo i = new SQLServerInfo(credentials); i.SetInstance(instance); i.Query(); var info = i.GetResults(); List <string> principals = new List <string>(); SetPrincipalNameFilter(info.Currentlogin); base.Query(); foreach (var s in serverRoles) { principals.Add(s.PrincipalName); } principals.Add(info.Currentlogin); principals.Add("Public"); SQLDatabasePriv p = new SQLDatabasePriv(credentials); p.SetInstance(instance); p.SetDatabase("master"); p.SetPermissionNameFilter("EXECUTE"); p.Query(); var dirTree = new List <SQLDatabasePriv.DatabasePrivilege>(); foreach (var priv in p.GetResults()) { if (!string.IsNullOrEmpty(priv.ObjectName) && priv.ObjectName.Contains(xp) && priv.StateDescription.Contains("grant")) { dirTree.Add(priv); } } foreach (var r in dirTree) { if (r.PrincipalName.Contains("public") || principals.Contains(r.PrincipalName)) { var s = new XpDirTree { ComputerName = computerName, Instance = instance, Vulnerability = string.Format("Excessive Privilege - Execute {0}", xp), Description = string.Format("{0} is a native extended stored procedure that can be executed by members of the Public role by default in SQL Server 2000-2014. {0} can be used to force the SQL Server service account to authenticate to a remote attacker. The service account password hash can then be captured + cracked or relayed to gain unauthorized access to systems. This also means {0} can be used to escalate a lower privileged user to sysadmin when a machine or managed account isnt being used. Thats because the SQL Server service account is a member of the sysadmin role in SQL Server 2000-2014, by default.", xp), Remediation = string.Format("Remove EXECUTE privileges on the {0} procedure for non administrative logins and roles. Example command: REVOKE EXECUTE ON {0} to Public.", xp), Severity = "Medium", IsVulnerable = "Yes", IsExploitable = "Unknown", Exploited = "No", ExploitCmd = "Crack the password hash offline or relay it to another system.", Reference = @"https://blog.netspi.com/executing-smb-relay-attacks-via-sql-server-using-metasploit/", Details = string.Format("The {0} principal has EXECUTE privileges on the {1} procedure in the master database.", r.PrincipalName, xp) }; spExecuteAs.Add(s); } } return(true); }