Abusing SQL Server Trusts in a Windows Domain

MS SQL Server is widely used in enterprise networks. Due to its use by third party applications, support for legacy applications and use as a database, SQL Server is a treasure trove for attackers. It gets integrated with in an active directory environment very well, which makes it an attractive target for abuse of features and privileges.

In this training, we will see that how to attack a SQL Server not only as an individual service but as a part of the enterprise network. We will discuss the mutual trust which SQL Server has with domain, users and how linked SQL Servers can be abused. We will perform enumeration and scanning, privilege escalation and post exploitation tasks like Domain Privilege Escalation, identifying juicy information, Command Execution, retrieving system secrets, lateral movement, persistence and more.

Course Syllabus:

  • SQL Server in Windows Domain
  • SQL Server Roles and Privileges
  • Introduction to PowerShell
  • Discovery, Enumeration and Scanning
  • Brute Force Attacks
  • Privilege Escalation
  • OS Command Execution
  • Retrieving System Secrets
  • Mapping and abusing domain trust
  • Lateral Movement
  • Database Links
  • Persistence
  • Identifying Juicy Information
  • Defenses

You will learn

  • Understanding SQL server and its domain integration
  • Discovering SQL servers with and without network port scanning
  • Attacking SQL servers
  • Performing OS Command Execution
  • Performing post exploitation tasks like Privilege Escalation, Trust abuse, retrieving system secrets, lateral movement and more
  • Attacking and accessing other SQL Servers from the foothold SQL Server
  • Defenses


Nikhil Mittal

Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has 6+ years of experience in Penetration Testing for his clients which include many global corporate giants. He is also a member of Red teams of selected clients.

He specializes in assessing security risks at secure environments which require novel attack vectors and “out of the box” approach. He has worked extensively on using Human Interface Device in Penetration Tests and PowerShell for post exploitation. He is creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests and Nishang, a post exploitation framework in PowerShell. In his spare time, Nikhil researches on new attack methodologies and updates his tools and frameworks.

Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world’s top information security conferences.He has spoken at conferences like Defcon, BlackHat USA, BlackHat Europe, RSA China, Troopers, DeepSec, PHDays, BlackHat Abu Dhabi, Hackfest, ClubHack, EuSecWest and more. He blogs at Lab of Penetration Tester.