In this post I'm covering the risks brought on by not securing SQL Server's service account and setting it to run under a privileged account, and demoing how an attacker can leverage it to gain access to the instance's host.
It was fun using Burp Suite Pro to demo data exfiltration through HTTP, as well as HoaxShell to demo initiating a reverse shell connection, all from SQL Server.
https://vladdba.com/2023/07/24/securing-sql-servers-service-account/
#sqlserver #dba #mssqlserver #mssql #sqlserverdba #windows #security #hoaxshell #burpsuite
Confirmed: un-obfuscated/unencoded #Villain / #Hoaxshell payload executes with @crowdstrike Falcon detection service running on Windows 10. No AI or OverWatch alerts. Good work by @t3l3machus on Twitter/GitHub.