To: Boogieman
Yes, OSQL allows you to authenticate using Windows authentication instead of normal SQL authentication, IF you are logged into the SQL server machine with a Windows account that has permission to modify the database.
So if you can gain access to an account like that on the server, you don’t actually need SQL credentials.
It's not just OSQL. SQL Server by default supports Windows Authentication, and/or SQL Authentication for any client connecting to the database.
Yes - if you log on with a Windows account that has elevated privileges, then you already have that access. Executing a command under the context of that account, whether through a batch file, an application, or SSMS isn't elevating your privileges - it's what you had when you logged onto that account.
To: Technical
“Executing a command under the context of that account, whether through a batch file, an application, or SSMS isn’t elevating your privileges - it’s what you had when you logged onto that account.”
Yes, but batch files can be scheduled to run later, when you may not have elevated privileges anymore, so it’s an exploit you can use for various purposes when combined with that.
Similar to the old method used by the “Cuckoo’s Nest” hacker, if you ever read that book.
To: Technical
“Executing a command under the context of that account, whether through a batch file, an application, or SSMS isn't elevating your privileges”
Apparently you're not clever enough to submit a 'login' command in a batch script file with Administrator credentials? And then do your dirty work, and end with a deletion of log file entries, followed by a 'logout' command?
441 posted on 08/12/2021 10:04:16 AM PDT by RideForever (Trollin', trollin', trollin', keep those lies a-rollin' ...)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson