SQL to Network Pivoting

So I am hoping someone here can shed some light on this…

Apparently one is able to gain network access from bruting MSSQL instances.

So the first part of this (in my head at least), is you would need to do some form of port scanning (nmap / Shodan etc) and look for possible entry ways. Once you have the required information, you can start brute forcing the SA account which is probably the most common account to use.

What I don’t understand is how you can go from access to the DB (from the SA account) to network access? I have done some looking around and the closest thing I can find are articles written up about SQLi to RCE. Even CVEs for SQL that offer some form of code execution are few and far between.

How is this possible? Or am I misunderstanding the whole lot?

4 Likes

dang, I like that resource, thanks!

Great find! Thank you.

Thanks for the above article. Going to see if I can put something together that uses Shodan to scan and then PowerUpSQL to pull server information.

1 Like

Thank you pal, made my life a little easier.

Since someone already answered your question, I’ll just leave you with this old chestnut that happens to be semi-related :wink: : https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/

I also like that source.