xp_cmdshell command to Add User

Add user to Admin Group through SQL Server

Its absolutely bad practice to turn on xp_cmdshell without comprehensive security audit and security testing. By default this feature is turned off.
If you end up having the permission to execute xp_cmdshell, you can do all kind of cool tricks to access the server.
Simple command to add yourself as part of Administrator group.

exec xp_cmdshell ' net localgroup administrators John Doe /add'

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *