Look for sp_execute_external_script in mssql_enum

sp_execute_external_script can be used to execute code in MSSQL.
MSSQL 2016+ can be configured to execute R code. MSSQL 2017 can
be configured to execute Python code.

Documentation:
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql
https://docs.microsoft.com/en-us/sql/advanced-analytics/tutorials/rtsql-using-r-code-in-transact-sql-quickstart

Interesting uses of sp_execute_external_script:
R - https://pastebin.com/zBDnzELT
Python - https://gist.github.com/james-otten/63389189ee73376268c5eb676946ada5
bug/bundler_fix
james 2017-08-16 21:40:03 -05:00
parent 70a82b5c67
commit e642789674
1 changed files with 1 additions and 0 deletions

View File

@ -509,6 +509,7 @@ class MetasploitModule < Msf::Auxiliary
dangeroussp = [ dangeroussp = [
'sp_createorphan', 'sp_createorphan',
'sp_droporphans', 'sp_droporphans',
'sp_execute_external_script',
'sp_getschemalock', 'sp_getschemalock',
'sp_prepexec', 'sp_prepexec',
'sp_prepexecrpc', 'sp_prepexecrpc',