Skip to content

Instantly share code, notes, and snippets.

View slayerlab's full-sized avatar
🐞

Slayer slayerlab

🐞
View GitHub Profile
@slayerlab
slayerlab / bad_sequel.py
Created March 6, 2020 17:36 — forked from 3xocyte/bad_sequel.py
PoC MSSQL RCE exploit using Resource-Based Constrained Delegation
#!/usr/bin/env python
# for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
# this is a rough PoC
# requirements for RCE:
# - the attacker needs to either have or create an object with a service principal name
# - the MSSQL server has to be running under the context of System/Network Service/a virtual account
# - the MSSQL server has the WebClient service installed and running (not default on Windows Server hosts)
# - NTLM has to be in use