Home Forums SQL Server 2008 T-SQL (SS2K8) How to call a batch file to execute from an SP RE: How to call a batch file to execute from an SP

  • March 24, 2013 at 3:08 pm

    #1600133

    Jeff Moden (3/24/2013)

    It takes 3ms for an attacker that get's in as "SA" to blow through so called "layering" to execute something using xp_CmdShell because their code is expecting it to be turned off and will turn it on.

    And, yes, I whole heartedly agree that the attack. malicious or by accident, frequently comes from within. I'm not blind to that fact. I think, however, you're blinded by the fact that you think disabling xp_CmdShell is a roadblock of any kind. A roadblock is effective only if there's no way around it. It takes no time for someone with "SA" privs to turn it on. Disabling xp_CmdShell lulls people into a false sense of security into thinking that no one can use it. And saying that turning it on is logged is simply saying there will be a documented testimony to bad security.

    Stop wasting time ad lulling people into a false sense of security by telling them to turn off xp_CmdShell. It's like telling people that someone could damage the database by using SSIS or Powershell. That's nothing but a veil over rotting meat. Let's get to the real problem. Anything and everything, including a turned off instance of xp_CmdShell, will be used against the systems if someone malicious gains or has access to the server as "SA".

    I am sorry, but I feel that you are looking at the exposure through to narrow of a lens, Jeff. It's not just about "blowing through" the layering. Your argument assumes that an attackers only reason to access an instance is to destroy it, which is rarely the case when it comes to internal attacks. It is usually to steal data or intellectual property and do it in such a way as to remain undetected. Enabling xp_cmdshell is an operation that is not so easily done in an undetectable manner, nor is using it. I am not sure how you can think that leaving an open conduit between the database engine and the server's file system, as well as a cmd shell prompt, while running under a different set of credentials than the person running it can be a safe thing to leave lying around.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato