I recently had someone pose the following question to me: "Is it possible to collect login/security information from a backup of the master database?" Since I'm always looking for topics to write about here, I wanted to answer that question here.

You can take a backup of the master, model, or msdb databases and restore them as you would any other user database, under a new name and file location, as a copy of the original. While you can't apply extended stored procedure commands to the restored copies of the system databases (xp_logininfo, for example, will run against the true system databases), it would appear you can directly query the databases for the information they store. Let's see if that's really the case.

Below I'll go through the process of backing up the master database as a privileged user with rights to do so:

```sql
--BACKUP MASTER DATABASE
BACKUP DATABASE master
TO DISK = N'C:\Data\MSSQL12.MSSQLSERVER\MSSQL\Backup\master_foo.bak';
```

Then I'll go through the process of restoring the backup of master as a copy. To highlight the vulnerabilities that arise when you don't properly secure the location of your backup files, or protect your data or backups while at rest, I'm going to restore this backup on a different SQL Server instance using a SQL login that had no rights on the instance from which the backup of master was derived:

```sql
--RESTORE AS A COPY OF MASTER DATABASE
RESTORE DATABASE copy_of_master
FROM DISK = N'C:\Data\MSSQL12.MSSQLSERVER\MSSQL\Backup\master_foo.bak'
WITH
    MOVE N'master' TO N'C:\Data\MSSQL12.MSSQLSERVER\MSSQL\DATA\copy_of_master.mdf',
    MOVE N'mastlog' TO N'C:\Data\MSSQL12.MSSQLSERVER\MSSQL\DATA\copy_of_master.ldf';
```

This will create a user database called copy_of_master.

```sql
FROM copy_of_principals
WHERE type_desc != 'CERTIFICATE_MAPPED_LOGIN'
```

That accomplished, let's first look at the ownership of that restored database:

```sql
--CONFIRMING RESTORE AS NON-PRIVILEGED ACCOUNT
-- Only has ownership over the restored copy of master
```

```sql
--WHAT RIGHTS DID RESTORING LOGIN HAVE ON INSTANCE?
-- Can only see the restored DB it owns, the system databases, and
WHERE type_desc NOT IN ('CERTIFICATE_MAPPED_LOGIN', 'SERVER_ROLE')

-- Only server role membership was dbcreator to afford restore ability
INNER JOIN sys.server_role_members AS ROLE_MEMBERSHIP
INNER JOIN sys.server_principals AS ROLES ON LOGINS.principal_id = ROLE_MEMBERSHIP.member_principal_id
```
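One way to act on the point above about protecting backups at rest, as an added example that is not code from the original post: the first query lists system-database backups recorded in msdb that were written unencrypted, and the remaining steps take an encrypted backup of master. The certificate name BackupCert, the passwords, the `<secure-path>` location and the output file names are hypothetical placeholders; backup encryption assumes SQL Server 2014 or later.

```sql
-- Added example: audit and harden system-database backups.
-- BackupCert, the passwords, <secure-path> and the output file names are hypothetical.

-- 1. Which system-database backups were written without encryption, by whom, and where?
SELECT bs.database_name,
       bs.backup_finish_date,
       bs.user_name AS taken_by,
       bmf.physical_device_name
FROM msdb.dbo.backupset AS bs
INNER JOIN msdb.dbo.backupmediafamily AS bmf
        ON bs.media_set_id = bmf.media_set_id
WHERE bs.database_name IN (N'master', N'model', N'msdb')
  AND bs.key_algorithm IS NULL   -- NULL means the backup was not encrypted
ORDER BY bs.backup_finish_date DESC;

-- 2. Create the key material once (each step is skipped if it already exists).
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = N'##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password-1>';
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = N'BackupCert')
    CREATE CERTIFICATE BackupCert
        WITH SUBJECT = 'Backup encryption certificate';

-- 3. Keep a copy of the certificate and private key somewhere other than
--    the backup folder; without them the encrypted backup cannot be restored.
BACKUP CERTIFICATE BackupCert
TO FILE = N'<secure-path>\BackupCert.cer'
WITH PRIVATE KEY (FILE = N'<secure-path>\BackupCert.pvk',
                  ENCRYPTION BY PASSWORD = '<placeholder-strong-password-2>');

-- 4. Take the backup of master encrypted with that certificate.
BACKUP DATABASE master
TO DISK = N'C:\Data\MSSQL12.MSSQLSERVER\MSSQL\Backup\master_foo_encrypted.bak'
WITH ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = BackupCert);
```

A restore of the encrypted file on another instance fails unless BackupCert and its private key have been restored there first, so a login that only has dbcreator and read access to the backup folder can no longer open it as a copy.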