Is it possible to attach a database that is stored on a remote server because when I mapped a drive and tried to attach it in management studio, the drive does not show up as an option. I moved it because of disk space and if I cannot what is the alternative suggestions?
You should be able to attach a database on UNC path (I wouldn't use a mapped drive - that drive is mapped for you, not the SQL Server service account), but you have to ensure that the SQL Server service account has read/write permissions on the remote folder, and you have to run trace flag 1807 (please read Brent Ozar's post about this).
Also don't use the GUI for this. Once you have the trace flag set, have restarted the service, and have configured permissions correctly, use a new query window, and run the following command:
CREATE DATABASE db_name
ON (Filename = '\\uncpath\share\file.mdf'),
(Filename = '\\uncpath\share\file.ldf')
FOR ATTACH;
(The UI is never going to offer you a UNC path no matter what trace flags you have set or what permissions are enabled.)
Be prepared to handle a corrupted and possibly unrecoverable database should the network share go down, of course.
If that sounds scary to you, good! It should! This is not a good idea at all. Instead you should free up some space, add a drive, or host the database on a different instance.
Related
as the title states I don't understand the relation between permission to access a db and the permission to write/read files on the underlying OS.
In one of my latest CTF's I had to obtain access to a database and then read files of the server containing the flag. I know this is only possible if the compromised user has the file privilege, but my question remains the same.
Sqlmap states in its features it can accomplish this:
Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
Now my specific questions:
What is the core feature/problem that allows this OS access?
Why are the permission connected?
Are other DBMS also vulnerable to this and is it a general problem (meaning sqlmap just doesn't provide the exploit for other dbms yet)?
In my eyes the permissions should be treated differently and the db user should not have permissions on the OS, except the files with relation to the DBMS.
Thanks in advance, I know the question is not limited to one aspect and contains various fundamental topics. I'm also willing to do more research, but maybe there is an answer that facilitates my learning process.
I am not sure about the others, but the below is true of MySQL and MariaDB.
You would need an additional exploit for local privilege escalation to gain access to any files the database user has no access to. The file path available for access is in the system variable secure_file_priv. Dumping/loading data from any other location will not be possible.
Additionally, executing commands is not possible without a UDF plugin that would allow you to execute arbitrary commands. Such things exist, but are not part of MySQL / MariaDB - it is something the sysadmin/DBA on the DB server would have to install themselves. Without this, you wouldn't be able to get the list of files.
Then there are the OS level protections:
1) POSIX level privileges
This is regular user/group file systems permissions.
2) Secondary hardening, e.g. SELinux or AppArmor
This will prevent the running process from accessing paths, ports and other resources that don't match the context or path defined in the security policy.
In short, you cannot access/retrieve arbitrary files through the database layer unless the server is deliberately (mis)configured in a way that would allow you to do so, and it would take active effort to configure a MySQL or MariaDB server in a way that would leave it open to this.
On my shared webhost, I have very limited ssh access (only via imscp instantSSH plugin). I want to set up a script to download my whole mysql database as an sql file, but I cant figure it out.
I cant use mysqldump so I tried the mysql command, which is available, but it isn working.
I have to specify username, password, host and database, and my password contains special characters.
Anyone can help me?
If your shared host allow mysql remote connections then you can use any MySQL software to connect to the database and then extract whatever information you need. Tools like these are: HeidiSQL, NavicatGui etc.
Another way would be the one suggested by Akshay Khale.
A 3rd one would be to use phpMyAdmin (most shared web hosting have this installed by default).
A 4th one would to create a simple php script that runs mysqldump locally, saves the .sql dump file either locally on your shared hosting or remotely via FTP/SFTP or any other protocal. Also the same script can email you that file (inline or as an attachment to the email). This kind of automation can be configured using a cron job.
There are multiple ways to achieve this. It all depends on which one suits you best.
As the author of the InstantSSH plugin for i-MSCP, I can say you that you should ask your HPs to make the mysqldump command available from your chrooted shell. The host administrator can add any command to the chroot by editing the InstantSSH plugin configuration file.
I have a SQL script which selects data from DB and stores it to files. I am unable to create a directory to store these files.
I have shell script that loads the SQL file. Shell and the SQL are on separate server than MySQL db. I would prefer to create this directory using SQL as I want to avoid ssh.
Any suggestions? Surprisingly I couldn't find anything on Google.
I will assume that you're using mysql, according to your tags. You could do it with a Microsoft SQL Server or Oracle database but unfortunately, at the moment, there is no solution to create a directory from MySQL.
Some will guide you with a workaround based on the creation of a data directory, I wouldn't recommand this, as it could lead to performances issues in the future, or worst.
The best solution would be to use a script (java, vbscript, SSH, batch, ...). Again, you won't be able to start this script within your SQL query easily. I know that's no good news, but it is important not to lead you on the wrong direction.
I would suggest to reverse your thinking, and start your SQL query from a script (again, any language you're used to).
I couldn't find any other way other than opening ssh session to the target box.
Open ssh session
Create directory
close ssh session
Load sql file using shell
The sql adds the generated files to the directory created in step 2.
ssh -t $USER#$HOST <<-SSH-END;
mkdir -p "dir/path";
exit;
SSH-END
Sharing just in case someone else needs to do the same.
I want to give a remote site (owned my someone else) access to the mysql database on my server that is password protected, but I dont want to reveal the actual password to them.
Is it possible to have the mysql access file (with username and pswd) on my server, and they just connect through it, so that their site can access data in my MYSQL db, but I am not actually openely revealing the pswd to them.
Can such access also be give on a read only basis. I just want to make it so they can query the database, but not download the whole database or make changes to it.
The remote party will need credentials to be able to do anything with your MySQL database. Even if you were to open up some sort of file share to let them get to the physical files, that still doesn't let them do anything with the files (and it is not a good idea to expose the actual files outside of the database server).
Setup a separate user account just for them that provides them with just the permissions they need.
You can limit which MySQL databases the are allowed to access, and exactly what they can do in each individual database.
https://dev.mysql.com/doc/refman/5.5/en/adding-users.html
I am using SQL Server Management Studio running on my local machine.
I can log on to a remote box (database engine) and use the
Studio to create a database backup which is saved to a drive on the remote box.
How do I get it to save the backup to a drive on my local machine?
See this MSDN article, for the section on backing up to a network share, e.g.:
BACKUP DATABASE YourDatabase
TO DISK = '\\SomeMachine\Backups\YourDatabase.Bak';
Backing Up to a File on a Network
Share For SQL Server to access a
remote disk file, the SQL Server
service account must have access to
the network share. This includes
having the permissions needed for
backup operations to write to the
network share and for restore
operations to read from it. The
availability of network drives and
permissions depends on the context is
which SQL Server service is running:
To back up to a network drive when SQL
Server is running in a domain user
account, the shared drive must be
mapped as a network drive in the
session where SQL Server is running.
If you start Sqlservr.exe from command
line, SQL Server sees any network
drives you have mapped in your login
session.
When you run Sqlservr.exe as
a service, SQL Server runs in a
separate session that has no relation
to your login session. The session in
which a service runs can have its own
mapped drives, although it usually
does not.
You can connect with the
network service account by using the
computer account instead of a domain
user. To enable backups from specific
computers to a shared drive, grant
access to the computer accounts. As
long as the Sqlservr.exe process that
is writing the backup has access, it
is irrelevant whether the user sending
the BACKUP command has access.
STEP 1 : From sql-server 2008 connect to remote server
STEP 2 : Right Click server database
STEP 3 : Select Export Option
STEP 4 : Follow Instructions, Import to local server database and Backup from Local database
In Microsoft SQL Server Management Studio you can right-click on the database you wish to backup and click Tasks -> Generate Scripts.
This pops open a wizard where you can set the following in order to perform a decent backup of your database, even on a remote server:
Select the database you wish to backup and hit next,
In the options it presents to you:
In 2010: under the Table/View Options, change 'Script Data' and 'Script Indexes' to True and hit next,
In 2012: under 'General', change 'Types of data to script' from 'Schema only' to 'Schema and data'
In 2014: the option to script the data is now "hidden" in step "Set Scripting Options", you have to click the "Advanced" and set "Types of data to script" to "Schema and data" value
In the next four windows, hit 'select all' and then next,
Choose to script to a new query window
Once it's done its thing, you'll have a backup script ready in front of you. Create a new local (or remote) database, and change the first 'USE' statement in the script to use your new database. Save the script in a safe place, and go ahead and run it against your new empty database. This should create you a (nearly) duplicate local database you can then backup as you like.
If you have full access to the remote database, you can choose to check 'script all objects' in the wizard's first window and then change the 'Script Database' option to True on the next window. Watch out though, you'll need to perform a full search & replace of the database name in the script to a new database which in this case you won't have to create before running the script. This should create a more accurate duplicate but is sometimes not available due to permissions restrictions.
You can't - the remote machine has no information about your local machine's setup and cannot see the drives on it. You'd have to setup a shared folder on your local machine, and make sure the remote machine has access to it (which will mean both the SQL Server Agent and SQL Server services on the remote machine will need access to it via domain accounts).
If the remote machine is on the same network as your machine, see AdaTheDev's answer.
Otherwise you'll have to RDP or FTP into the remote machine and transfer the backup manually. I recommend 7-zip'ing it by the way.