User Tools
docu:csheet:ofsec:hack:sql:sqlserver
Gathering information about an SQL Server database
Gather SQL Server data and valuable information once a sql-shell is obtained
-- Add `FOR XML PATH('')` at the end of every query to get everything as 1 xml string. -- You can also use `FIELD + ', ' AS 'data()'` to get fields as string.
Get current User:
SELECT CURRENT_USER
Get system logins:
SELECT * FROM master.sys.syslogins
Get all users:
SELECT * FROM master.sys.server_principals
Get Database names:
SELECT name FROM master.sys.databases
Get Table names for database:
SELECT TABLE_NAME FROM [THEDBNAME].INFORMATION_SCHEMA.TABLES
Get Column names for table:
SELECT COLUMN_NAME FROM [THEDBNAME].INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = '[THETABLENAME]'
Get permissions granted on tables as XML (1 string)
SELECT * FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
docu/csheet/ofsec/hack/sql/sqlserver.txt · Last modified: 2020/02/08 21:16 by admin
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
