Look for sp_execute_external_script in mssql_enum
sp_execute_external_script can be used to execute code in MSSQL. MSSQL 2016+ can be configured to execute R code. MSSQL 2017 can be configured to execute Python code. Documentation: https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql https://docs.microsoft.com/en-us/sql/advanced-analytics/tutorials/rtsql-using-r-code-in-transact-sql-quickstart Interesting uses of sp_execute_external_script: R - https://pastebin.com/zBDnzELT Python - https://gist.github.com/james-otten/63389189ee73376268c5eb676946ada5bug/bundler_fix
parent
70a82b5c67
commit
e642789674
|
@ -509,6 +509,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
dangeroussp = [
|
dangeroussp = [
|
||||||
'sp_createorphan',
|
'sp_createorphan',
|
||||||
'sp_droporphans',
|
'sp_droporphans',
|
||||||
|
'sp_execute_external_script',
|
||||||
'sp_getschemalock',
|
'sp_getschemalock',
|
||||||
'sp_prepexec',
|
'sp_prepexec',
|
||||||
'sp_prepexecrpc',
|
'sp_prepexecrpc',
|
||||||
|
|
Loading…
Reference in New Issue