Lateral Movement
Lateral movement allows a tester to gain access to different sets of functionality/data that don't explicitly require a more privileged user. Switching user accounts laterally will expose different information and could aid in compromising a more privileged user.
* Requires privileged user
| Description | Query |
|---|---|
| Create Users | CREATE USER 'netspi'@'%' IDENTIFIED BY 'password' |
| Drop User | DROP USER netspi |
Lateral Movement
Lateral movement allows a tester to gain access to different sets of functionality/data that don't explicitly require a more privileged user. Switching user accounts laterally will expose different information and could aid in compromising a more privileged user.
| Description | Query |
|---|---|
| Create Users | CREATE USER user IDENTIFIED by pass; |
| Drop Users | DROP USER user |
Lateral Movement
Lateral movement allows a tester to gain access to different sets of functionality/data that don't explicitly require a more privileged user. Switching user accounts laterally will expose different information and could aid in compromising a more privileged user.
* Requires privileged user
| Description | Query |
|---|---|
| Create Users | EXEC sp_addlogin 'user', 'pass'; |
| Drop Users | EXEC sp_droplogin 'user'; |
| Link crawling | https://blog.netspi.com/sql-server-link-crawling-powerupsql/ |
| Connect to remote database as current service | --Requires sysadmin SELECT * FROM OPENDATASOURCE('SQLNCLI', 'Server=MSSQLSRV04\SQLSERVER2016;Trusted_Connection=yes;').master.dbo.sysdatabases |
© 2024 Copyright by NetSPI. All rights reserved.