new module: mssql > enable_cmdshell #557

Open
wants to merge 1 commit into
base: main
crosscutsaw

Description

during my engagements, i'm really tired of connecting to mssql via impacket-mssqlclient, enabling xp_cmdshell, doing something, then disabling xp_cmdshell. so here is a high privilege module that enables or disables xp_cmdshell in mssql.

Type of change

  • New feature (non-breaking change which adds functionality)

How Has This Been Tested?

tested against a local fresh mssql server.

Screenshots (if appropriate):

enable: [screenshot: enable]

disable: [screenshot: disable]

Checklist:

  • I have run Ruff against my changes (via poetry: poetry run python -m ruff check . --preview, use --fix to automatically fix what it can)
  • I have added or updated the tests/e2e_commands.txt file if necessary
  • New and existing e2e tests pass locally with my changes
  • My code follows the style guidelines of this project (should be covered by Ruff above)
  • If reliant on third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

high privilege module that enables or disables xp_cmdshell in mssql server

NeffIsBack commented Feb 9, 2025

Thanks for the PR!
However i am not sure if this would improve NetExec. We already have an automatic check for show advanced options/xp_cmdshell which enables/disables them depending on the state of the DB.

EDIT: However, thanks to your screenshots i found a bug :D gonna fix the checks quick

@NeffIsBack
Contributor

Fixed the bug in #560

@crosscutsaw
Author

> Thanks for the PR! However i am not sure if this would improve NetExec. We already have an automatic check for show advanced options/xp_cmdshell which enables/disables them depending on the state of the DB.
>
> EDIT: However, thanks to your screenshots i found a bug :D gonna fix the checks quick

darn, i knew it! if i remember correctly, the -x command option worked without manually enabling xp_cmdshell. then some time after, it broke. i thought there would be some bug but i couldn't figure it out, so i created this module. :))

you're right about improvement but i think this module can be merged to main. think of it like this: a penetration tester found open xp_cmdshells that were forgotten to be closed. so a system admin could use this module to bulk disable all xp_cmdshells with ease. or i'm a penetration tester and not sure that all tested xp_cmdshells are closed. i can use this module to be sure.
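
The cleanup case discussed in this thread (confirming xp_cmdshell is off and restoring `show advanced options` to the state it was found in), written as an added T-SQL example that is not part of this PR or of NetExec. It assumes a login with ALTER SETTINGS permission and is run once per instance; the output column names are made up for this example.

```sql
-- Added example (not NetExec code): audit xp_cmdshell on one instance,
-- disable it if it is on, and leave 'show advanced options' as it was found.
-- Assumes the login holds ALTER SETTINGS (sysadmin or serveradmin).
SET NOCOUNT ON;

DECLARE @adv_before INT, @xp_before INT;

-- value_in_use is the running value; value is what takes effect after RECONFIGURE.
SELECT @adv_before = CAST(value_in_use AS INT)
FROM sys.configurations
WHERE name = 'show advanced options';

SELECT @xp_before = CAST(value_in_use AS INT)
FROM sys.configurations
WHERE name = 'xp_cmdshell';

IF @xp_before = 1
BEGIN
    -- xp_cmdshell is an advanced option: sp_configure can only change it
    -- while 'show advanced options' is 1, so enable that temporarily if needed.
    IF @adv_before = 0
    BEGIN
        EXEC sp_configure 'show advanced options', 1;
        RECONFIGURE;
    END;

    EXEC sp_configure 'xp_cmdshell', 0;
    RECONFIGURE;

    -- Put 'show advanced options' back the way it was found.
    IF @adv_before = 0
    BEGIN
        EXEC sp_configure 'show advanced options', 0;
        RECONFIGURE;
    END;
END;

-- One row per instance: state before and after, suitable for logging.
SELECT @@SERVERNAME              AS server_name,
       @xp_before                AS xp_cmdshell_before,
       CAST(value_in_use AS INT) AS xp_cmdshell_after
FROM sys.configurations
WHERE name = 'xp_cmdshell';
```

A row with `xp_cmdshell_before = 1` identifies an instance where the option had been left enabled and is worth following up on.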
