Impersonating The Domain Administrator via SQL Server (via

Original article:
Daniel Compton, Information Security Consultant of 7Safe, demonstrates an internal infrastructure penetration test on a fully patched Windows network. Daniel demonstrates how it is possible to fully compromise the domain using a fully patched Microsoft SQL server that has a firewall enabled. Using the SQL server, Daniel impersonates the domain administrator account without any passwords or password hashes being known or extracted. Daniel also demonstrates the risk of wireless networks and smart phone devices, which can be used to carry out the attack.

