cqure.net

Defcon 15

Defcon and Las Vegas were great this year. A number of great presentations, a reporter being chased out of the hotel, and my friend ending up on the Wall of Sheep ;) As promised, I have put my updated presentation online together with the small DNS server used for the demonstration. You can find it here: http://www.inspectit.se/dc15.html.

The queries at the end of the presentation are designed to work on both SQL Server 2000 and 2005.

As a side note, something has changed in xp_dirtree in Microsoft SQL Server 2005 post SP2. Low-privileged database users can still run the procedure and it performs DNS resolution; however, it returns no results. An OS user granted the exact same permissions gets the results as expected. The same applies to the xp_fileexists extended procedure.

Oh, and as always, feel free to contact me if you have any questions.


2 Responses to “Defcon 15”

  1. Erin Says:

    Is there a workaround for the low privileged database user to be able to run xp_fileexists?

    This stored proc is used during the restore process, so my low-level users who are dbcreator role can no longer locate backup files.

    Thanks,
    Erin

  2. Patrik Karlsson Says:

    Hi Erin,

    I noticed this behaviour in SQL Server 2005 after I applied some of the service packs and updates. This is the reason why I chose the xp_dirtree in order to tunnel my data in DNS. What I noticed was that the xp_fileexists sp worked if you created an OS account and granted it the exact same database permissions as an account residing in the database. I don’t know if this still works and if this is an acceptable workaround for you.

    Regards,
    Patrik
