Suppose you’re working on a penetration test and you encounter a system running SQL Server 2008 and Microsoft Server 2008 R2. Because Microsoft removed debug.exe on Windows 7 x64 and Windows Server 2008, these systems won’t allow you to convert executables in a traditional way as defined in Chapter 11. That means you need to create a new module that will allow you to attack a Microsoft Server 2008 and SQL Server 2008 instance successfully.

We’ll make certain assumptions for purposes of this scenario. First, you’ve already guessed that the SQL Server password is blank, and you have gained access to the xp_cmdshell stored procedure. You need to deliver a Meterpreter payload onto the system, but all ports other than 1433 are ...